feat(experimentalIdentityAndAuth): enable identity and auth by default (#1352)

* feat(codegen): add `mutateClientPlugins()` integration hook

* feat(experimentalIdentityAndAuth): enable identity and auth by default

`experimentalIdentityAndAuth` behavior is now the default auth behavior.

The `experimentalIdentityAndAuth` flag is now oppositely replaced with
`useLegacyAuth`, which enables legacy auth behavior for backward
compatibility concerns.

* additional cleanup

* disable released version test

* feat(codegen): add PreCommandClassCodeSection

* wip: writerConsumers for plugins

* feat: enable writers for plugin parameters

* code style

* use templating, use instance name for plugin

---------

Co-authored-by: Steven Yuan <yuasteve@amazon.com>

Author: kuhe

.changeset/large-trainers-cross.md

@@ -0,0 +1,5 @@
+---
+"@smithy/experimental-identity-and-auth": patch
+---
+
+set identity&auth SRA active by default

CONTRIBUTING.md

@@ -30,7 +30,7 @@ under development:
 
 Experimental Feature | Flag                          | Description
 ---------------------|-------------------------------|------------
-Identity & Auth      | `experimentalIdentityAndAuth` | Standardize identity and auth integrations to match the Smithy specification (see [Authentication Traits](https://smithy.io/2.0/spec/authentication-traits.html)). Newer capabilities include support for multiple auth schemes, `@optionalAuth`, and standardized identity interfaces for authentication schemes both in code generation and TypeScript packages. In `smithy-typescript`, `@httpApiKeyAuth` will be updated to use the new standardized interfaces. In `aws-sdk-js-v3` (`smithy-typescript`'s largest customer), this will affect `@aws.auth#sigv4` and `@httpBearerAuth` implementations, but is planned to be completely backwards-compatible.
+N/A                  | N/A                           | N/A
 
 ## Reporting Bugs/Feature Requests
 

README.md

@@ -197,7 +197,7 @@ By default, the Smithy TypeScript code generators provide the code generation fr
 |`private`|No|Whether the package is `private` in `package.json`. The default value is `false`.|
 |`requiredMemberMode`|No|**NOT RECOMMENDED DUE TO BACKWARD COMPATIBILITY CONCERNS.** Sets whether members marked with the `@required` trait are allowed to be `undefined`. See more details on the risks in `TypeScriptSettings.RequiredMemberMode`. The default value is `nullable`.|
 |`createDefaultReadme`|No|Whether to generate a default `README.md` for the package. The default value is `false`.|
-|`experimentalIdentityAndAuth`|No|Experimental feature that standardizes identity and auth integrations to match the Smithy specification (see [Authentication Traits](https://smithy.io/2.0/spec/authentication-traits.html)). See [the experimental features section for more details](CONTRIBUTING.md#experimental-features).|
+|`useLegacyAuth`|No|**NOT RECOMMENDED, AVAILABLE ONLY FOR BACKWARD COMPATIBILITY CONCERNS.** Flag that enables using legacy auth. When in doubt, use the default identity and auth behavior (not configuring `useLegacyAuth`) as the golden path.|
 
 #### `typescript-client-codegen` plugin artifacts
 

packages/experimental-identity-and-auth/src/integration/httpApiKeyAuth.integ.spec.ts

@@ -7,7 +7,7 @@ import {
 import { requireRequestsFrom } from "@smithy/util-test";
 
 describe("@httpApiKeyAuth integration tests", () => {
-  // TODO(experimentalIdentityAndAuth): should match `HttpApiKeyAuthService` `@httpApiKeyAuth` trait
+  // Match `HttpApiKeyAuthService` `@httpApiKeyAuth` trait
   const MOCK_API_KEY_NAME = "Authorization";
   const MOCK_API_KEY_SCHEME = "ApiKey";
   const MOCK_API_KEY = "APIKEY_123";

scripts/build-generated-test-packages.js

@@ -9,59 +9,39 @@ const { spawnProcess } = require("./utils/spawn-process");
 
 const root = path.join(__dirname, "..");
 
-const testProjectDir = path.join(
-    root,
-    "smithy-typescript-codegen-test",
-);
+const testProjectDir = path.join(root, "smithy-typescript-codegen-test");
 
-const codegenTestDir = path.join(
-    testProjectDir,
-    "build",
-    "smithyprojections",
-    "smithy-typescript-codegen-test",
-);
+const codegenTestDir = path.join(testProjectDir, "build", "smithyprojections", "smithy-typescript-codegen-test");
 
-const weatherClientDir = path.join(
-    codegenTestDir,
-    "source",
-    "typescript-client-codegen"
-);
+const weatherClientDir = path.join(codegenTestDir, "source", "typescript-client-codegen");
 
 const releasedClientDir = path.join(
-    testProjectDir,
-    "released-version-test",
-    "build",
-    "smithyprojections",
-    "released-version-test",
-    "source",
-    "typescript-codegen"
+  testProjectDir,
+  "released-version-test",
+  "build",
+  "smithyprojections",
+  "released-version-test",
+  "source",
+  "typescript-codegen"
 );
 
-// TODO(experimentalIdentityAndAuth): build generic client for integration tests
-const weatherExperimentalIdentityAndAuthClientDir = path.join(
-    codegenTestDir,
-    "client-experimental-identity-and-auth",
-    "typescript-client-codegen"
-);
+// Build generic legacy auth client for integration tests
+const weatherLegacyAuthClientDir = path.join(codegenTestDir, "client-legacy-auth", "typescript-client-codegen");
 
-const weatherSsdkDir = path.join(
-    codegenTestDir,
-    "ssdk-test",
-    "typescript-server-codegen"
-)
+const weatherSsdkDir = path.join(codegenTestDir, "ssdk-test", "typescript-server-codegen");
 
-// TODO(experimentalIdentityAndAuth): add `@httpApiKeyAuth` client for integration tests
+// Build `@httpApiKeyAuth` client for integration tests
 const httpApiKeyAuthClientDir = path.join(
-    codegenTestDir,
-    "identity-and-auth-http-api-key-auth",
-    "typescript-client-codegen"
+  codegenTestDir,
+  "identity-and-auth-http-api-key-auth",
+  "typescript-client-codegen"
 );
 
-// TODO(experimentalIdentityAndAuth): add `@httpBearerAuth` client for integration tests
+// Build `@httpBearerAuth` client for integration tests
 const httpBearerAuthClientDir = path.join(
-    codegenTestDir,
-    "identity-and-auth-http-bearer-auth",
-    "typescript-client-codegen"
+  codegenTestDir,
+  "identity-and-auth-http-bearer-auth",
+  "typescript-client-codegen"
 );
 
 const nodeModulesDir = path.join(root, "node_modules");
@@ -82,10 +62,14 @@ const buildAndCopyToNodeModules = async (packageName, codegenDir, nodeModulesDir
       await spawnProcess("rm", ["-rf", packageName], { cwd: nodeModulesDir });
       await spawnProcess("mkdir", ["-p", packageName], { cwd: nodeModulesDir });
       const targetPackageDir = path.join(nodeModulesDir, packageName);
-      await spawnProcess("tar", ["-xf", "package.tgz", "-C", targetPackageDir, "--strip-components", "1"], { cwd: codegenDir });
+      await spawnProcess("tar", ["-xf", "package.tgz", "-C", targetPackageDir, "--strip-components", "1"], {
+        cwd: codegenDir,
+      });
     }
   } catch (e) {
-    console.log(`Building and copying package \`${packageName}\` in \`${codegenDir}\` to \`${nodeModulesDir}\` failed:`)
+    console.log(
+      `Building and copying package \`${packageName}\` in \`${codegenDir}\` to \`${nodeModulesDir}\` failed:`
+    );
     console.log(e);
     process.exit(1);
   }
@@ -94,12 +78,17 @@ const buildAndCopyToNodeModules = async (packageName, codegenDir, nodeModulesDir
 (async () => {
   await buildAndCopyToNodeModules("weather", weatherClientDir, nodeModulesDir);
   await buildAndCopyToNodeModules("weather-ssdk", weatherSsdkDir, nodeModulesDir);
-  // TODO(experimentalIdentityAndAuth): build generic client for integration tests
-  await buildAndCopyToNodeModules("@smithy/weather-experimental-identity-and-auth", weatherExperimentalIdentityAndAuthClientDir, nodeModulesDir);
-  // TODO(experimentalIdentityAndAuth): add `@httpApiKeyAuth` client for integration tests
-  await buildAndCopyToNodeModules("@smithy/identity-and-auth-http-api-key-auth-service", httpApiKeyAuthClientDir, nodeModulesDir);
-  // TODO(experimentalIdentityAndAuth): add `@httpBearerAuth` client for integration tests
-  await buildAndCopyToNodeModules("@smithy/identity-and-auth-http-bearer-auth-service", httpBearerAuthClientDir, nodeModulesDir);
-  // Test released version of smithy-typescript codegenerators, but
-  await buildAndCopyToNodeModules("released", releasedClientDir, undefined);
+  await buildAndCopyToNodeModules("@smithy/weather-legacy-auth", weatherLegacyAuthClientDir, nodeModulesDir);
+  await buildAndCopyToNodeModules(
+    "@smithy/identity-and-auth-http-api-key-auth-service",
+    httpApiKeyAuthClientDir,
+    nodeModulesDir
+  );
+  await buildAndCopyToNodeModules(
+    "@smithy/identity-and-auth-http-bearer-auth-service",
+    httpBearerAuthClientDir,
+    nodeModulesDir
+  );
+  // TODO(released-version-test): Test released version of smithy-typescript codegenerators, but currently is not working
+  // await buildAndCopyToNodeModules("released", releasedClientDir, undefined);
 })();

smithy-typescript-codegen-test/example-weather-customizations/src/main/java/example/weather/SupportWeatherSigV4Auth.java

@@ -0,0 +1,133 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package example.weather;
+
+import java.util.Optional;
+import java.util.function.Consumer;
+import software.amazon.smithy.codegen.core.Symbol;
+import software.amazon.smithy.codegen.core.SymbolReference;
+import software.amazon.smithy.model.shapes.ShapeId;
+import software.amazon.smithy.typescript.codegen.ApplicationProtocol;
+import software.amazon.smithy.typescript.codegen.LanguageTarget;
+import software.amazon.smithy.typescript.codegen.TypeScriptDependency;
+import software.amazon.smithy.typescript.codegen.TypeScriptSettings;
+import software.amazon.smithy.typescript.codegen.TypeScriptWriter;
+import software.amazon.smithy.typescript.codegen.auth.http.ConfigField;
+import software.amazon.smithy.typescript.codegen.auth.http.HttpAuthOptionProperty;
+import software.amazon.smithy.typescript.codegen.auth.http.HttpAuthScheme;
+import software.amazon.smithy.typescript.codegen.auth.http.HttpAuthSchemeParameter;
+import software.amazon.smithy.typescript.codegen.auth.http.integration.HttpAuthTypeScriptIntegration;
+import software.amazon.smithy.utils.SmithyInternalApi;
+
+@SmithyInternalApi
+public final class SupportWeatherSigV4Auth implements HttpAuthTypeScriptIntegration {
+    static final Symbol AWS_CREDENTIAL_IDENTITY = Symbol.builder()
+        .name("AwsCredentialIdentity")
+        .namespace(TypeScriptDependency.SMITHY_TYPES.getPackageName(), "/")
+        .addDependency(TypeScriptDependency.SMITHY_TYPES)
+        .build();
+    static final Symbol AWS_CREDENTIAL_IDENTITY_PROVIDER = Symbol.builder()
+        .name("AwsCredentialIdentityProvider")
+        .namespace(TypeScriptDependency.SMITHY_TYPES.getPackageName(), "/")
+        .addDependency(TypeScriptDependency.SMITHY_TYPES)
+        .build();
+    static final ConfigField CREDENTIALS_CONFIG_FIELD = ConfigField.builder()
+        .name("credentials")
+        .type(ConfigField.Type.MAIN)
+        .docs(w -> w.write("The credentials used to sign requests."))
+        .inputType(Symbol.builder()
+            .name("AwsCredentialIdentity | AwsCredentialIdentityProvider")
+            .addReference(AWS_CREDENTIAL_IDENTITY)
+            .addReference(AWS_CREDENTIAL_IDENTITY_PROVIDER)
+            .build())
+        .resolvedType(Symbol.builder()
+            .name("AwsCredentialIdentityProvider")
+            .addReference(AWS_CREDENTIAL_IDENTITY)
+            .addReference(AWS_CREDENTIAL_IDENTITY_PROVIDER)
+            .build())
+        .configFieldWriter(ConfigField::defaultMainConfigFieldWriter)
+        .build();
+    private static final Consumer<TypeScriptWriter> AWS_SIGV4_AUTH_SIGNER = w -> {
+        w.addDependency(TypeScriptDependency.EXPERIMENTAL_IDENTITY_AND_AUTH);
+        w.addImport("SigV4Signer", null, TypeScriptDependency.EXPERIMENTAL_IDENTITY_AND_AUTH);
+        w.write("new SigV4Signer()");
+    };
+    private static final SymbolReference PROVIDER = SymbolReference.builder()
+        .symbol(Symbol.builder()
+            .name("Provider")
+            .namespace(TypeScriptDependency.SMITHY_TYPES.getPackageName(), "/")
+            .addDependency(TypeScriptDependency.SMITHY_TYPES)
+            .build())
+        .alias("__Provider")
+        .build();
+
+    @Override
+    public boolean matchesSettings(TypeScriptSettings settings) {
+        return !settings.useLegacyAuth();
+    }
+
+    @Override
+    public Optional<HttpAuthScheme> getHttpAuthScheme() {
+        return Optional.of(HttpAuthScheme.builder()
+                .schemeId(ShapeId.from("aws.auth#sigv4"))
+                .applicationProtocol(ApplicationProtocol.createDefaultHttpApplicationProtocol())
+                .putDefaultSigner(LanguageTarget.SHARED, AWS_SIGV4_AUTH_SIGNER)
+                .addConfigField(CREDENTIALS_CONFIG_FIELD)
+                .addConfigField(ConfigField.builder()
+                    .name("region")
+                    .type(ConfigField.Type.AUXILIARY)
+                    .docs(w -> w.write("The AWS region to which this client will send requests."))
+                    .inputType(Symbol.builder()
+                        .name("string | __Provider<string>")
+                        .addReference(PROVIDER)
+                        .build())
+                    .resolvedType(Symbol.builder()
+                        .name("__Provider<string>")
+                        .addReference(PROVIDER)
+                        .build())
+                    .configFieldWriter(ConfigField::defaultAuxiliaryConfigFieldWriter)
+                    .build())
+                .addHttpAuthSchemeParameter(HttpAuthSchemeParameter.builder()
+                    .name("region")
+                    .type(w -> w.write("string"))
+                    .source(w -> {
+                        w.addDependency(TypeScriptDependency.UTIL_MIDDLEWARE);
+                        w.addImport("normalizeProvider", null, TypeScriptDependency.UTIL_MIDDLEWARE);
+                        w.openBlock("await normalizeProvider(config.region)() || (() => {", "})()", () -> {
+                            w.write("throw new Error(\"expected `region` to be configured for `aws.auth#sigv4`\");");
+                        });
+                    })
+                    .build())
+                .addHttpAuthOptionProperty(HttpAuthOptionProperty.builder()
+                    .name("name")
+                    .type(HttpAuthOptionProperty.Type.SIGNING)
+                    .source(s -> w -> {
+                        w.write("$S", s.trait().toNode().expectObjectNode().getMember("name"));
+                    })
+                    .build())
+                .addHttpAuthOptionProperty(HttpAuthOptionProperty.builder()
+                    .name("region")
+                    .type(HttpAuthOptionProperty.Type.SIGNING)
+                    .source(t -> w -> {
+                        w.write("authParameters.region");
+                    })
+                    .build())
+                .propertiesExtractor(s -> w -> w
+                    .write("""
+                        (config, context) => {
+                          return {
+                            /**
+                             * @internal
+                             */
+                            signingProperties: {
+                              ...config,
+                              ...context,
+                            },
+                          };
+                        },"""))
+                .build());
+    }
+}

smithy-typescript-codegen-test/example-weather-customizations/src/main/resources/META-INF/services/software.amazon.smithy.typescript.codegen.integration.TypeScriptIntegration

@@ -1 +1,2 @@
 example.weather.ExampleWeatherCustomEndpointsRuntimeConfig
+example.weather.SupportWeatherSigV4Auth

smithy-typescript-codegen-test/model/weather/main.smithy

@@ -34,7 +34,7 @@ service Weather {
         GetCurrentTime
         // util-stream.integ.spec.ts
         Invoke
-        // experimentalIdentityAndAuth
+        // Identity and Auth
         OnlyHttpApiKeyAuth
         OnlyHttpApiKeyAuthOptional
         OnlyHttpBearerAuth

smithy-typescript-codegen-test/released-version-test/build.gradle.kts

@@ -3,6 +3,8 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
+// TODO(released-version-test): Test released version of smithy-typescript codegenerators, but currently is extremely flaky
+/*
 plugins {
     java
     id("software.amazon.smithy.gradle.smithy-base")
@@ -27,3 +29,4 @@ dependencies {
 }
 
 tasks["jar"].enabled = false
+*/

smithy-typescript-codegen-test/smithy-build.json

@@ -29,7 +29,7 @@
                 }
             }
         },
-        "client-experimental-identity-and-auth": {
+        "client-identity-and-auth": {
             "transforms": [
                 {
                     "name": "includeServices",
@@ -41,17 +41,16 @@
             "plugins": {
                 "typescript-client-codegen": {
                     "service": "example.weather#Weather",
-                    "package": "@smithy/weather-experimental-identity-and-auth",
+                    "package": "weather",
                     "packageVersion": "0.0.1",
                     "packageJson": {
                         "license": "Apache-2.0",
                         "private": true
-                    },
-                    "experimentalIdentityAndAuth": true
+                    }
                 }
             }
         },
-        "control-experimental-identity-and-auth": {
+        "client-legacy-auth": {
             "transforms": [
                 {
                     "name": "includeServices",
@@ -63,12 +62,13 @@
             "plugins": {
                 "typescript-client-codegen": {
                     "service": "example.weather#Weather",
-                    "package": "weather",
+                    "package": "@smithy/weather-legacy-auth",
                     "packageVersion": "0.0.1",
                     "packageJson": {
                         "license": "Apache-2.0",
                         "private": true
-                    }
+                    },
+                    "useLegacyAuth": true
                 }
             }
         },
@@ -89,8 +89,7 @@
                     "packageJson": {
                         "license": "Apache-2.0",
                         "private": true
-                    },
-                    "experimentalIdentityAndAuth": true
+                    }
                 }
             }
         },
@@ -111,8 +110,7 @@
                     "packageJson": {
                         "license": "Apache-2.0",
                         "private": true
-                    },
-                    "experimentalIdentityAndAuth": true
+                    }
                 }
             }
         }