chore(clients): enable identity-and-auth SRA by default (#6299)

* feat(experimentalIdentityAndAuth): enable identity and auth by default

* feat(codegen): refactor builtin plugins

* chore: maintain id&a exclusion list

* chore: set legacyAuth list and awsauth plugin order

* chore: codegen sync

* chore(codegen): update smithy hash for id&auth SRA

* chore: codegen sync for id&auth

* chore: update smithy hash for parm ordering fix

* chore: update yarn lock

---------

Co-authored-by: Steven Yuan <yuasteve@amazon.com>

CONTRIBUTING.md

@@ -149,9 +149,9 @@ experimental features that can affect `aws-sdk-js-v3`. These features are enable
 Note that any contributions related to these features MUST be reviewed carefully for opt-in behavior via feature flags
 as to not break any existing customers. Here are the experimental features that are currently under development:
 
-| Experimental Feature | Flag  | Description  |
-| -------------------- | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Identity & Auth | `experimentalIdentityAndAuth` | Standardize identity and auth integrations to match the Smithy specification (see [Authentication Traits](https://smithy.io/2.0/spec/authentication-traits.html)). Newer capabilities include support for multiple auth schemes, `@optionalAuth`, and standardized identity interfaces for authentication schemes both in code generation and TypeScript packages. In `smithy-typescript`, `@httpApiKeyAuth` will be updated to use the new standardized interfaces. In `aws-sdk-js-v3` (`smithy-typescript`'s largest customer), this will affect `@aws.auth#sigv4` and `@httpBearerAuth` implementations, but is planned to be completely backwards-compatible. |
+| Experimental Feature | Flag | Description |
+| -------------------- | ---- | ----------- |
+| N/A   | N/A | N/A  |
 
 ## Build caching
 

clients/client-accessanalyzer/src/AccessAnalyzerClient.ts

@@ -352,11 +352,11 @@ export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHand
  */
 export type AccessAnalyzerClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> &
  ClientDefaults &
- RegionInputConfig &
- EndpointInputConfig<EndpointParameters> &
- HostHeaderInputConfig &
  UserAgentInputConfig &
  RetryInputConfig &
+ RegionInputConfig &
+ HostHeaderInputConfig &
+ EndpointInputConfig<EndpointParameters> &
  HttpAuthSchemeInputConfig &
  ClientInputEndpointParameters;
 /**
@@ -372,11 +372,11 @@ export interface AccessAnalyzerClientConfig extends AccessAnalyzerClientConfigTy
 export type AccessAnalyzerClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> &
  Required<ClientDefaults> &
  RuntimeExtensionsConfig &
- RegionResolvedConfig &
- EndpointResolvedConfig<EndpointParameters> &
- HostHeaderResolvedConfig &
  UserAgentResolvedConfig &
  RetryResolvedConfig &
+ RegionResolvedConfig &
+ HostHeaderResolvedConfig &
+ EndpointResolvedConfig<EndpointParameters> &
  HttpAuthSchemeResolvedConfig &
  ClientResolvedEndpointParameters;
 /**
@@ -427,25 +427,28 @@ export class AccessAnalyzerClient extends __Client<
  constructor(...[configuration]: __CheckOptionalClientConfig<AccessAnalyzerClientConfig>) {
  const _config_0 = __getRuntimeConfig(configuration || {});
  const _config_1 = resolveClientEndpointParameters(_config_0);
- const _config_2 = resolveRegionConfig(_config_1);
- const _config_3 = resolveEndpointConfig(_config_2);
- const _config_4 = resolveHostHeaderConfig(_config_3);
- const _config_5 = resolveUserAgentConfig(_config_4);
- const _config_6 = resolveRetryConfig(_config_5);
+ const _config_2 = resolveUserAgentConfig(_config_1);
+ const _config_3 = resolveRetryConfig(_config_2);
+ const _config_4 = resolveRegionConfig(_config_3);
+ const _config_5 = resolveHostHeaderConfig(_config_4);
+ const _config_6 = resolveEndpointConfig(_config_5);
  const _config_7 = resolveHttpAuthSchemeConfig(_config_6);
  const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
  super(_config_8);
  this.config = _config_8;
- this.middlewareStack.use(getHostHeaderPlugin(this.config));
- this.middlewareStack.use(getLoggerPlugin(this.config));
- this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
  this.middlewareStack.use(getUserAgentPlugin(this.config));
  this.middlewareStack.use(getRetryPlugin(this.config));
  this.middlewareStack.use(getContentLengthPlugin(this.config));
+ this.middlewareStack.use(getHostHeaderPlugin(this.config));
+ this.middlewareStack.use(getLoggerPlugin(this.config));
+ this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
  this.middlewareStack.use(
  getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
- httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(),
- identityProviderConfigProvider: this.getIdentityProviderConfigProvider(),
+ httpAuthSchemeParametersProvider: defaultAccessAnalyzerHttpAuthSchemeParametersProvider,
+ identityProviderConfigProvider: async (config: AccessAnalyzerClientResolvedConfig) =>
+ new DefaultIdentityProviderConfig({
+ "aws.auth#sigv4": config.credentials,
+ }),
  })
  );
  this.middlewareStack.use(getHttpSigningPlugin(this.config));
@@ -459,13 +462,4 @@ export class AccessAnalyzerClient extends __Client<
  destroy(): void {
  super.destroy();
  }
- private getDefaultHttpAuthSchemeParametersProvider() {
- return defaultAccessAnalyzerHttpAuthSchemeParametersProvider;
- }
- private getIdentityProviderConfigProvider() {
- return async (config: AccessAnalyzerClientResolvedConfig) =>
- new DefaultIdentityProviderConfig({
- "aws.auth#sigv4": config.credentials,
- });
- }
 }

clients/client-accessanalyzer/src/auth/httpAuthSchemeProvider.ts

@@ -96,13 +96,13 @@ export const defaultAccessAnalyzerHttpAuthSchemeProvider: AccessAnalyzerHttpAuth
  */
 export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
  /**
- * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+ * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
  * @internal
  */
  httpAuthSchemes?: HttpAuthScheme[];
 
  /**
- * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+ * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
  * @internal
  */
  httpAuthSchemeProvider?: AccessAnalyzerHttpAuthSchemeProvider;
@@ -113,13 +113,13 @@ export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
  */
 export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
  /**
- * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+ * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
  * @internal
  */
  readonly httpAuthSchemes: HttpAuthScheme[];
 
  /**
- * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+ * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
  * @internal
  */
  readonly httpAuthSchemeProvider: AccessAnalyzerHttpAuthSchemeProvider;

clients/client-account/src/AccountClient.ts

@@ -268,11 +268,11 @@ export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHand
  */
 export type AccountClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> &
  ClientDefaults &
- RegionInputConfig &
- EndpointInputConfig<EndpointParameters> &
- HostHeaderInputConfig &
  UserAgentInputConfig &
  RetryInputConfig &
+ RegionInputConfig &
+ HostHeaderInputConfig &
+ EndpointInputConfig<EndpointParameters> &
  HttpAuthSchemeInputConfig &
  ClientInputEndpointParameters;
 /**
@@ -288,11 +288,11 @@ export interface AccountClientConfig extends AccountClientConfigType {}
 export type AccountClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> &
  Required<ClientDefaults> &
  RuntimeExtensionsConfig &
- RegionResolvedConfig &
- EndpointResolvedConfig<EndpointParameters> &
- HostHeaderResolvedConfig &
  UserAgentResolvedConfig &
  RetryResolvedConfig &
+ RegionResolvedConfig &
+ HostHeaderResolvedConfig &
+ EndpointResolvedConfig<EndpointParameters> &
  HttpAuthSchemeResolvedConfig &
  ClientResolvedEndpointParameters;
 /**
@@ -320,25 +320,28 @@ export class AccountClient extends __Client<
  constructor(...[configuration]: __CheckOptionalClientConfig<AccountClientConfig>) {
  const _config_0 = __getRuntimeConfig(configuration || {});
  const _config_1 = resolveClientEndpointParameters(_config_0);
- const _config_2 = resolveRegionConfig(_config_1);
- const _config_3 = resolveEndpointConfig(_config_2);
- const _config_4 = resolveHostHeaderConfig(_config_3);
- const _config_5 = resolveUserAgentConfig(_config_4);
- const _config_6 = resolveRetryConfig(_config_5);
+ const _config_2 = resolveUserAgentConfig(_config_1);
+ const _config_3 = resolveRetryConfig(_config_2);
+ const _config_4 = resolveRegionConfig(_config_3);
+ const _config_5 = resolveHostHeaderConfig(_config_4);
+ const _config_6 = resolveEndpointConfig(_config_5);
  const _config_7 = resolveHttpAuthSchemeConfig(_config_6);
  const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
  super(_config_8);
  this.config = _config_8;
- this.middlewareStack.use(getHostHeaderPlugin(this.config));
- this.middlewareStack.use(getLoggerPlugin(this.config));
- this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
  this.middlewareStack.use(getUserAgentPlugin(this.config));
  this.middlewareStack.use(getRetryPlugin(this.config));
  this.middlewareStack.use(getContentLengthPlugin(this.config));
+ this.middlewareStack.use(getHostHeaderPlugin(this.config));
+ this.middlewareStack.use(getLoggerPlugin(this.config));
+ this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
  this.middlewareStack.use(
  getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
- httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(),
- identityProviderConfigProvider: this.getIdentityProviderConfigProvider(),
+ httpAuthSchemeParametersProvider: defaultAccountHttpAuthSchemeParametersProvider,
+ identityProviderConfigProvider: async (config: AccountClientResolvedConfig) =>
+ new DefaultIdentityProviderConfig({
+ "aws.auth#sigv4": config.credentials,
+ }),
  })
  );
  this.middlewareStack.use(getHttpSigningPlugin(this.config));
@@ -352,13 +355,4 @@ export class AccountClient extends __Client<
  destroy(): void {
  super.destroy();
  }
- private getDefaultHttpAuthSchemeParametersProvider() {
- return defaultAccountHttpAuthSchemeParametersProvider;
- }
- private getIdentityProviderConfigProvider() {
- return async (config: AccountClientResolvedConfig) =>
- new DefaultIdentityProviderConfig({
- "aws.auth#sigv4": config.credentials,
- });
- }
 }

clients/client-account/src/auth/httpAuthSchemeProvider.ts

@@ -95,13 +95,13 @@ export const defaultAccountHttpAuthSchemeProvider: AccountHttpAuthSchemeProvider
  */
 export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
  /**
- * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+ * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
  * @internal
  */
  httpAuthSchemes?: HttpAuthScheme[];
 
  /**
- * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+ * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
  * @internal
  */
  httpAuthSchemeProvider?: AccountHttpAuthSchemeProvider;
@@ -112,13 +112,13 @@ export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
  */
 export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
  /**
- * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+ * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
  * @internal
  */
  readonly httpAuthSchemes: HttpAuthScheme[];
 
  /**
- * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+ * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
  * @internal
  */
  readonly httpAuthSchemeProvider: AccountHttpAuthSchemeProvider;

clients/client-acm-pca/src/ACMPCAClient.ts

@@ -319,11 +319,11 @@ export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHand
  */
 export type ACMPCAClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> &
  ClientDefaults &
- RegionInputConfig &
- EndpointInputConfig<EndpointParameters> &
- HostHeaderInputConfig &
  UserAgentInputConfig &
  RetryInputConfig &
+ RegionInputConfig &
+ HostHeaderInputConfig &
+ EndpointInputConfig<EndpointParameters> &
  HttpAuthSchemeInputConfig &
  ClientInputEndpointParameters;
 /**
@@ -339,11 +339,11 @@ export interface ACMPCAClientConfig extends ACMPCAClientConfigType {}
 export type ACMPCAClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> &
  Required<ClientDefaults> &
  RuntimeExtensionsConfig &
- RegionResolvedConfig &
- EndpointResolvedConfig<EndpointParameters> &
- HostHeaderResolvedConfig &
  UserAgentResolvedConfig &
  RetryResolvedConfig &
+ RegionResolvedConfig &
+ HostHeaderResolvedConfig &
+ EndpointResolvedConfig<EndpointParameters> &
  HttpAuthSchemeResolvedConfig &
  ClientResolvedEndpointParameters;
 /**
@@ -386,25 +386,28 @@ export class ACMPCAClient extends __Client<
  constructor(...[configuration]: __CheckOptionalClientConfig<ACMPCAClientConfig>) {
  const _config_0 = __getRuntimeConfig(configuration || {});
  const _config_1 = resolveClientEndpointParameters(_config_0);
- const _config_2 = resolveRegionConfig(_config_1);
- const _config_3 = resolveEndpointConfig(_config_2);
- const _config_4 = resolveHostHeaderConfig(_config_3);
- const _config_5 = resolveUserAgentConfig(_config_4);
- const _config_6 = resolveRetryConfig(_config_5);
+ const _config_2 = resolveUserAgentConfig(_config_1);
+ const _config_3 = resolveRetryConfig(_config_2);
+ const _config_4 = resolveRegionConfig(_config_3);
+ const _config_5 = resolveHostHeaderConfig(_config_4);
+ const _config_6 = resolveEndpointConfig(_config_5);
  const _config_7 = resolveHttpAuthSchemeConfig(_config_6);
  const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []);
  super(_config_8);
  this.config = _config_8;
- this.middlewareStack.use(getHostHeaderPlugin(this.config));
- this.middlewareStack.use(getLoggerPlugin(this.config));
- this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
  this.middlewareStack.use(getUserAgentPlugin(this.config));
  this.middlewareStack.use(getRetryPlugin(this.config));
  this.middlewareStack.use(getContentLengthPlugin(this.config));
+ this.middlewareStack.use(getHostHeaderPlugin(this.config));
+ this.middlewareStack.use(getLoggerPlugin(this.config));
+ this.middlewareStack.use(getRecursionDetectionPlugin(this.config));
  this.middlewareStack.use(
  getHttpAuthSchemeEndpointRuleSetPlugin(this.config, {
- httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(),
- identityProviderConfigProvider: this.getIdentityProviderConfigProvider(),
+ httpAuthSchemeParametersProvider: defaultACMPCAHttpAuthSchemeParametersProvider,
+ identityProviderConfigProvider: async (config: ACMPCAClientResolvedConfig) =>
+ new DefaultIdentityProviderConfig({
+ "aws.auth#sigv4": config.credentials,
+ }),
  })
  );
  this.middlewareStack.use(getHttpSigningPlugin(this.config));
@@ -418,13 +421,4 @@ export class ACMPCAClient extends __Client<
  destroy(): void {
  super.destroy();
  }
- private getDefaultHttpAuthSchemeParametersProvider() {
- return defaultACMPCAHttpAuthSchemeParametersProvider;
- }
- private getIdentityProviderConfigProvider() {
- return async (config: ACMPCAClientResolvedConfig) =>
- new DefaultIdentityProviderConfig({
- "aws.auth#sigv4": config.credentials,
- });
- }
 }

clients/client-acm-pca/src/auth/httpAuthSchemeProvider.ts

@@ -95,13 +95,13 @@ export const defaultACMPCAHttpAuthSchemeProvider: ACMPCAHttpAuthSchemeProvider =
  */
 export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
  /**
- * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+ * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
  * @internal
  */
  httpAuthSchemes?: HttpAuthScheme[];
 
  /**
- * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+ * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
  * @internal
  */
  httpAuthSchemeProvider?: ACMPCAHttpAuthSchemeProvider;
@@ -112,13 +112,13 @@ export interface HttpAuthSchemeInputConfig extends AwsSdkSigV4AuthInputConfig {
  */
 export interface HttpAuthSchemeResolvedConfig extends AwsSdkSigV4AuthResolvedConfig {
  /**
- * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+ * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
  * @internal
  */
  readonly httpAuthSchemes: HttpAuthScheme[];
 
  /**
- * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+ * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
  * @internal
  */
  readonly httpAuthSchemeProvider: ACMPCAHttpAuthSchemeProvider;