Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(experimentalIdentityAndAuth): customize @aws.auth#sigv4 identity providers for the AWS SDK #5179

Merged
merged 2 commits into from
Sep 8, 2023
Merged

feat(experimentalIdentityAndAuth): customize @aws.auth#sigv4 identity providers for the AWS SDK #5179

merged 2 commits into from
Sep 8, 2023

Conversation

syall
Copy link
Contributor

@syall syall commented Sep 5, 2023
edited
Loading

Issue

Issue number, if available, prefixed with "#"

N/A.

Description

What does this implement/fix? Explain your changes.

Register AwsCustomizeSigv4AuthPlugin integration to customize
@aws.auth#sigv4 to use:

  • Browser: a function that throws an error saying credentials is
    missing
  • Node.js: decorateDefaultCredentialProvider(credentialDefaultProvider) from
    @aws-sdk/credential-provider-node and aws-sdk/client-sts.

Dependent on: smithy-lang/smithy-typescript#907

Testing

How was this change tested?

Everything is gated behind experimentalIdentityAndAuth.

Complete generic codegen client diff: https://gist.github.com/syall/5f0b85d33094e8182042f1b0e98c5ef7#file-pr-5179-diff

The diffs for credentialDefaultProvider and region were removed under the experimental flag in #5065, and will be added back in later PRs.

Browser

The main diff is that for runtimeConfig.browser.ts (the Browser runtime config), the following httpAuthSchemes are generated with the error function as the identity provider for aws.auth#sigv4:

diff --color -Nur ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/control-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.browser.ts ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/client-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.browser.ts
--- ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/control-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.browser.ts	2023-09-05 15:35:00
+++ ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/client-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.browser.ts	2023-09-05 15:35:00
@@ -5,10 +5,16 @@
 import { Sha256 } from "@aws-crypto/sha256-browser";
 import { defaultUserAgent } from "@aws-sdk/util-user-agent-browser";
 import {
+  HttpApiKeyAuthSigner,
+  HttpBearerAuthSigner,
+  IdentityProviderConfig,
+  NoAuthSigner,
+  SigV4Signer,
+} from "@smithy/experimental-identity-and-auth";
+import {
   FetchHttpHandler as RequestHandler,
   streamCollector,
 } from "@smithy/fetch-http-handler";
-import { invalidProvider } from "@smithy/invalid-dependency";
 import { calculateBodyLength } from "@smithy/util-body-length-browser";
 import {
   DEFAULT_MAX_ATTEMPTS,
@@ -32,10 +38,29 @@
     runtime: "browser",
     defaultsMode,
     bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
-    credentialDefaultProvider: config?.credentialDefaultProvider ?? ((_: unknown) => () => Promise.reject(new Error("Credential is missing"))),
     defaultUserAgentProvider: config?.defaultUserAgentProvider ?? defaultUserAgent({clientVersion: packageInfo.version}),
+    httpAuthSchemes: config?.httpAuthSchemes ?? [{
+          schemeId: "aws.auth#sigv4",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("aws.auth#sigv4") || (async () => { throw new Error("`credentials` is missing"); }),
+          signer: new SigV4Signer(),
+        }, {
+          schemeId: "smithy.api#httpApiKeyAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#httpApiKeyAuth"),
+          signer: new HttpApiKeyAuthSigner(),
+        }, {
+          schemeId: "smithy.api#httpBearerAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#httpBearerAuth"),
+          signer: new HttpBearerAuthSigner(),
+        }, {
+          schemeId: "smithy.api#noAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
+          signer: new NoAuthSigner(),
+        }],
     maxAttempts: config?.maxAttempts ?? DEFAULT_MAX_ATTEMPTS,
-    region: config?.region ?? invalidProvider("Region is missing"),
     requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider),
     retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE),
     sha256: config?.sha256 ?? Sha256,

Node.js

The main diff is that for runtimeConfig.ts (the Node.js runtime config), the following httpAuthSchemes are generated with decorateDefaultCredentialProvider(credentialDefaultProvider) as the identity provider for aws.auth#sigv4:

diff --color -Nur ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/control-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.ts ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/client-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.ts
--- ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/control-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.ts	2023-09-05 15:35:00
+++ ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/client-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.ts	2023-09-05 15:35:00
@@ -6,9 +6,12 @@
 import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";
 import { defaultUserAgent } from "@aws-sdk/util-user-agent-node";
 import {
-  NODE_REGION_CONFIG_FILE_OPTIONS,
-  NODE_REGION_CONFIG_OPTIONS,
-} from "@smithy/config-resolver";
+  HttpApiKeyAuthSigner,
+  HttpBearerAuthSigner,
+  IdentityProviderConfig,
+  NoAuthSigner,
+  SigV4Signer,
+} from "@smithy/experimental-identity-and-auth";
 import { Hash } from "@smithy/hash-node";
 import {
   NODE_MAX_ATTEMPT_CONFIG_OPTIONS,
@@ -41,10 +44,29 @@
     runtime: "node",
     defaultsMode,
     bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
-    credentialDefaultProvider: config?.credentialDefaultProvider ?? decorateDefaultCredentialProvider(credentialDefaultProvider),
     defaultUserAgentProvider: config?.defaultUserAgentProvider ?? defaultUserAgent({clientVersion: packageInfo.version}),
+    httpAuthSchemes: config?.httpAuthSchemes ?? [{
+          schemeId: "aws.auth#sigv4",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("aws.auth#sigv4") || (decorateDefaultCredentialProvider(credentialDefaultProvider)),
+          signer: new SigV4Signer(),
+        }, {
+          schemeId: "smithy.api#httpApiKeyAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#httpApiKeyAuth"),
+          signer: new HttpApiKeyAuthSigner(),
+        }, {
+          schemeId: "smithy.api#httpBearerAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#httpBearerAuth"),
+          signer: new HttpBearerAuthSigner(),
+        }, {
+          schemeId: "smithy.api#noAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
+          signer: new NoAuthSigner(),
+        }],
     maxAttempts: config?.maxAttempts ?? loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS),
-    region: config?.region ?? loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS),
     requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider),
     retryMode: config?.retryMode ?? loadNodeConfig({...NODE_RETRY_MODE_CONFIG_OPTIONS,default: async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE,}),
     sha256: config?.sha256 ?? Hash.bind(null, "sha256"),

Additional context

Add any other context about the PR here.

N/A.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@syall syall force-pushed the customize-aws-sigv4-identity-provider branch from ed92f56 to b3d2192 Compare September 5, 2023 22:14
@syall syall changed the title feat(experimentalIdentityAndAuth): customize @aws.auth#sigv4 to use the default credential chain feat(experimentalIdentityAndAuth): customize @aws.auth#sigv4 identity providers for the AWS SDK Sep 5, 2023
@syall syall force-pushed the customize-aws-sigv4-identity-provider branch 3 times, most recently from 849fa56 to b92be17 Compare September 6, 2023 04:14
Steven Yuan added 2 commits September 8, 2023 14:07
feat(experimentalIdentityAndAuth): customize @aws.auth#sigv4 identi…
ce753f2 
…ty providers for the AWS SDK

Register `AwsCustomizeSigv4AuthPlugin` integration to customize
`@aws.auth#sigv4` to use:

- Browser: a function that throws an error saying `credentials` is
  missing
- Node.js: `decorateDefaultCredentialProvider(credentialDefaultProvider)` from
`@aws-sdk/credential-provider-node` and `aws-sdk/client-sts`.
feat(experimentalIdentityAndAuth): copy smithy-typescript generic aut…
3e1ec40 
…h tests
@syall syall force-pushed the customize-aws-sigv4-identity-provider branch from b92be17 to 3e1ec40 Compare September 8, 2023 21:08
@syall syall marked this pull request as ready for review September 8, 2023 21:08
@syall syall requested a review from a team as a code owner September 8, 2023 21:08
@syall syall merged commit 53ef8f9 into aws:main Sep 8, 2023
2 checks passed
@syall syall deleted the customize-aws-sigv4-identity-provider branch September 8, 2023 21:53
@github-actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@srchase srchase srchase approved these changes

@kuhe kuhe kuhe approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@syall @kuhe @srchase