Merge remote-tracking branch 'origin/main' into chore-refactor-ep20

.changes/081fc76b-9f25-44d7-bdb1-29db4a1d69ed.json

@@ -0,0 +1,8 @@
+{
+    "id": "081fc76b-9f25-44d7-bdb1-29db4a1d69ed",
+    "type": "misc",
+    "description": "Refactor CredentialsProvider APIs",
+    "issues": [
+        "https://github.com/awslabs/aws-sdk-kotlin/issues/946"
+    ]
+}

CHANGELOG.md

@@ -1,5 +1,75 @@
 # Changelog
 
+## [0.32.1-beta] - 09/08/2023
+
+### Features
+* [#1033](https://github.com/awslabs/aws-sdk-kotlin/issues/1033) Add `SystemPropertyCredentialsProvider` and make it first in default chain credentials provider
+* Allow endpoint URL configuration via env and shared config.
+* [#1000](https://github.com/awslabs/aws-sdk-kotlin/issues/1000) Add more parameters for fetching STS credentials
+
+### Fixes
+* [#935](https://github.com/awslabs/smithy-kotlin/issues/935) Fix closing an event stream causing an IllegalStateException
+
+### Miscellaneous
+* Sync AWS models and bump smithy-kotlin
+
+## [0.32.0-beta] - 08/31/2023
+
+### Miscellaneous
+* **BREAKING**: Refactor HttpCall and HttpResponse types
+* Bump **smithy-kotlin** and AWS service models to latest versions
+
+## [0.31.0-beta] - 08/24/2023
+
+### Features
+* Support initial-request and initial-response for event streams using RPC-based protocols
+
+### Fixes
+* [#1029](https://github.com/awslabs/aws-sdk-kotlin/issues/1029) Update smithy-kotlin to 0.26.0
+
+### Miscellaneous
+* **BREAKING**: prefix generated endpoint and auth scheme providers with client name and track upstream changes
+* Sync AWS models
+* Refactor ClientOption to AttributeKey directly and track upstream HttpContext changes
+
+## [0.30.1-beta] - 08/17/2023
+
+### Miscellaneous
+* Sync AWS models and bump smithy-kotlin version
+
+## [0.30.0-beta] - 08/11/2023
+
+### Features
+* [#583](https://github.com/awslabs/aws-sdk-kotlin/issues/583) Make user-supplied region available to config resolution providers
+* [#1004](https://github.com/awslabs/aws-sdk-kotlin/issues/1004) Make RegionProviderChain accept a list of RegionProvider
+
+### Fixes
+* [#194](https://github.com/awslabs/aws-sdk-kotlin/issues/194) Correctly parse and handle `GetBucketLocation` responses
+
+### Miscellaneous
+* Upgrade Kotlin to 1.8.22
+* [#968](https://github.com/awslabs/aws-sdk-kotlin/issues/968) Add service-level benchmarks
+* Upgrade kotlinx.coroutines to 1.7.3
+* Sync AWS service models and **smithy-kotlin** to latest versions
+
+## [0.29.1-beta] - 07/27/2023
+
+### Features
+* [#745](https://github.com/awslabs/aws-sdk-kotlin/issues/745) Validate returned content length on S3 `GetObject` responses.
+
+### Miscellaneous
+* Sync AWS models and bump smithy-kotlin version
+
+## [0.29.0-beta] - 07/20/2023
+
+### Features
+* [#146](https://github.com/awslabs/smithy-kotlin/issues/146), [#800](https://github.com/awslabs/aws-sdk-kotlin/issues/800) Enable **Timestream Query** and **Timestream Write** service clients
+* [#969](https://github.com/awslabs/aws-sdk-kotlin/issues/969) Make `region` an optional client config parameter to support multi-region use cases
+
+### Miscellaneous
+* **BREAKING**: Refactor observability API and configuration. See the [discussion](https://github.com/awslabs/aws-sdk-kotlin/discussions/981) for more information.
+* Sync AWS service models.
+
 ## [0.28.2-beta] - 07/13/2023
 
 ### Fixes

aws-runtime/aws-config/build.gradle.kts

@@ -62,6 +62,9 @@ kotlin {
 
                 // atomics
                 implementation("org.jetbrains.kotlinx:atomicfu:$atomicFuVersion")
+
+                // coroutines
+                implementation("org.jetbrains.kotlinx:kotlinx-coroutines-core:$coroutinesVersion")
             }
         }
         commonTest {

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/DefaultChainBearerTokenProvider.kt

@@ -30,9 +30,9 @@ import aws.smithy.kotlin.runtime.util.PlatformProvider
  * are NOT managed by the provider. Caller is responsible for closing.
  */
 public class DefaultChainBearerTokenProvider(
-    private val profileName: String? = null,
-    private val platformProvider: PlatformProvider = PlatformProvider.System,
-    httpClient: HttpClientEngine? = null,
+    public val profileName: String? = null,
+    public val platformProvider: PlatformProvider = PlatformProvider.System,
+    public val httpClient: HttpClientEngine? = null,
 ) : CloseableBearerTokenProvider {
 
     private val chain = BearerTokenProviderChain(

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/DefaultChainCredentialsProvider.kt

@@ -42,16 +42,17 @@ import aws.smithy.kotlin.runtime.util.PlatformProvider
  * @return the newly-constructed credentials provider
  */
 public class DefaultChainCredentialsProvider constructor(
-    private val profileName: String? = null,
-    private val platformProvider: PlatformProvider = PlatformProvider.System,
+    public val profileName: String? = null,
+    public val platformProvider: PlatformProvider = PlatformProvider.System,
     httpClient: HttpClientEngine? = null,
-    region: String? = null,
+    public val region: String? = null,
 ) : CloseableCredentialsProvider {
 
     private val manageEngine = httpClient == null
     private val engine = httpClient ?: DefaultHttpEngine()
 
     private val chain = CredentialsProviderChain(
+        SystemPropertyCredentialsProvider(platformProvider::getProperty),
         EnvironmentCredentialsProvider(platformProvider::getenv),
         ProfileCredentialsProvider(profileName = profileName, platformProvider = platformProvider, httpClient = engine, region = region),
         // STS web identity provider can be constructed from either the profile OR 100% from the environment
@@ -85,7 +86,7 @@ public class DefaultChainCredentialsProvider constructor(
  * This allows it to be part of the default chain and any failures result in the chain to move onto the next provider.
  */
 private class StsWebIdentityProvider(
-    val platformProvider: PlatformProvider,
+    val platformProvider: PlatformProvider = PlatformProvider.System,
     val httpClient: HttpClientEngine? = null,
 ) : CloseableCredentialsProvider {
     override suspend fun resolve(attributes: Attributes): Credentials {

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/EcsCredentialsProvider.kt

@@ -15,6 +15,7 @@ import aws.smithy.kotlin.runtime.auth.awscredentials.CredentialsProviderExceptio
 import aws.smithy.kotlin.runtime.client.endpoints.Endpoint
 import aws.smithy.kotlin.runtime.config.resolve
 import aws.smithy.kotlin.runtime.http.*
+import aws.smithy.kotlin.runtime.http.HttpCall
 import aws.smithy.kotlin.runtime.http.engine.DefaultHttpEngine
 import aws.smithy.kotlin.runtime.http.engine.HttpClientEngine
 import aws.smithy.kotlin.runtime.http.operation.*
@@ -60,14 +61,13 @@ private const val PROVIDER_NAME = "EcsContainer"
  *
  */
 public class EcsCredentialsProvider internal constructor(
-    private val platformProvider: PlatformEnvironProvider,
+    public val platformProvider: PlatformEnvironProvider = PlatformProvider.System,
     httpClient: HttpClientEngine? = null,
 ) : CloseableCredentialsProvider {
 
-    public constructor() : this(PlatformProvider.System)
-
     private val manageEngine = httpClient == null
-    private val httpClient = httpClient ?: DefaultHttpEngine()
+    private val httpClient: HttpClientEngine = httpClient ?: DefaultHttpEngine()
+
     override suspend fun resolve(attributes: Attributes): Credentials {
         val logger = coroutineContext.logger<EcsCredentialsProvider>()
         val authToken = AwsSdkSetting.AwsContainerAuthorizationToken.resolve(platformProvider)
@@ -83,10 +83,8 @@ public class EcsCredentialsProvider internal constructor(
         val op = SdkHttpOperation.build<Unit, Credentials> {
             serializer = EcsCredentialsSerializer(authToken)
             deserializer = EcsCredentialsDeserializer()
-            context {
-                operationName = "EcsCredentialsProvider"
-                serviceName = "EcsContainerMetadata"
-            }
+            operationName = "EcsCredentialsProvider"
+            serviceName = "EcsContainerMetadata"
             execution.endpointResolver = EndpointResolver { Endpoint(url) }
         }
 
@@ -158,7 +156,8 @@ public class EcsCredentialsProvider internal constructor(
 }
 
 private class EcsCredentialsDeserializer : HttpDeserialize<Credentials> {
-    override suspend fun deserialize(context: ExecutionContext, response: HttpResponse): Credentials {
+    override suspend fun deserialize(context: ExecutionContext, call: HttpCall): Credentials {
+        val response = call.response
         if (!response.status.isSuccess()) {
             throwCredentialsResponseException(response)
         }

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/EnvironmentCredentialsProvider.kt

@@ -22,9 +22,9 @@ private val SESSION_TOKEN = AwsSdkSetting.AwsSessionToken.envVar
 /**
  * A [CredentialsProvider] which reads from `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`.
  */
-public class EnvironmentCredentialsProvider
-public constructor(private val getEnv: (String) -> String?) : CredentialsProvider {
-    public constructor() : this(PlatformProvider.System::getenv)
+public class EnvironmentCredentialsProvider(
+    public val getEnv: (String) -> String? = PlatformProvider.System::getenv,
+) : CredentialsProvider {
 
     private fun requireEnv(variable: String): String =
         getEnv(variable) ?: throw ProviderConfigurationException("Missing value for environment variable `$variable`")

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/ImdsCredentialsProvider.kt

@@ -51,9 +51,9 @@ internal expect class SdkIOException : Exception // FIXME move this to the prope
  * @param platformProvider the [PlatformEnvironProvider] instance
  */
 public class ImdsCredentialsProvider(
-    private val profileOverride: String? = null,
-    private val client: Lazy<InstanceMetadataProvider> = lazy { ImdsClient() },
-    private val platformProvider: PlatformEnvironProvider = PlatformProvider.System,
+    public val profileOverride: String? = null,
+    public val client: Lazy<InstanceMetadataProvider> = lazy { ImdsClient() },
+    public val platformProvider: PlatformEnvironProvider = PlatformProvider.System,
     private val clock: Clock = Clock.System,
 ) : CloseableCredentialsProvider {
     private var previousCredentials: Credentials? = null

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/ProfileCredentialsProvider.kt

@@ -8,6 +8,7 @@ package aws.sdk.kotlin.runtime.auth.credentials
 import aws.sdk.kotlin.runtime.auth.credentials.profile.LeafProvider
 import aws.sdk.kotlin.runtime.auth.credentials.profile.ProfileChain
 import aws.sdk.kotlin.runtime.auth.credentials.profile.RoleArn
+import aws.sdk.kotlin.runtime.client.AwsClientOption
 import aws.sdk.kotlin.runtime.config.AwsSdkSetting
 import aws.sdk.kotlin.runtime.config.imds.ImdsClient
 import aws.sdk.kotlin.runtime.config.profile.loadAwsSharedConfig
@@ -19,10 +20,7 @@ import aws.smithy.kotlin.runtime.http.engine.HttpClientEngine
 import aws.smithy.kotlin.runtime.io.closeIfCloseable
 import aws.smithy.kotlin.runtime.telemetry.logging.logger
 import aws.smithy.kotlin.runtime.time.TimestampFormat
-import aws.smithy.kotlin.runtime.util.Attributes
-import aws.smithy.kotlin.runtime.util.LazyAsyncValue
-import aws.smithy.kotlin.runtime.util.PlatformProvider
-import aws.smithy.kotlin.runtime.util.asyncLazy
+import aws.smithy.kotlin.runtime.util.*
 import kotlin.coroutines.coroutineContext
 
 /**
@@ -74,10 +72,10 @@ import kotlin.coroutines.coroutineContext
  * are NOT managed by the provider. Caller is responsible for closing.
  */
 public class ProfileCredentialsProvider(
-    private val profileName: String? = null,
-    private val region: String? = null,
-    private val platformProvider: PlatformProvider = PlatformProvider.System,
-    private val httpClient: HttpClientEngine? = null,
+    public val profileName: String? = null,
+    public val region: String? = null,
+    public val platformProvider: PlatformProvider = PlatformProvider.System,
+    public val httpClient: HttpClientEngine? = null,
 ) : CloseableCredentialsProvider {
     private val namedProviders = mapOf(
         "Environment" to EnvironmentCredentialsProvider(platformProvider::getenv),
@@ -102,7 +100,7 @@ public class ProfileCredentialsProvider(
 
         // if profile is overridden for this provider, attempt to resolve it from there first
         val profileOverride = profileName?.let { sharedConfig.profiles[it] }
-        val region = asyncLazy { region ?: profileOverride?.getOrNull("region") ?: resolveRegion(platformProvider) }
+        val region = asyncLazy { region ?: profileOverride?.getOrNull("region") ?: attributes.getOrNull(AwsClientOption.Region) ?: resolveRegion(platformProvider) }
 
         val leaf = chain.leaf.toCredentialsProvider(region)
         logger.debug { "Resolving credentials from ${chain.leaf.description()}" }
@@ -166,7 +164,7 @@ public class ProfileCredentialsProvider(
         creds: Credentials,
         region: LazyAsyncValue<String?>,
     ): CredentialsProvider = StsAssumeRoleCredentialsProvider(
-        credentialsProvider = StaticCredentialsProvider(creds),
+        bootstrapCredentialsProvider = StaticCredentialsProvider(creds),
         roleArn = roleArn,
         region = region.get(),
         roleSessionName = sessionName,

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/SsoCredentialsProvider.kt

@@ -56,50 +56,27 @@ private const val PROVIDER_NAME = "SSO"
  * **Additional Resources**
  * * [Configuring the AWS CLI to use AWS Single Sign-On](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html)
  * * [AWS Single Sign-On User Guide](https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html)
+ *
+ * @param accountId The AWS account ID that temporary AWS credentials will be resolved for
+ * @param roleName The IAM role in the AWS account that temporary AWS credentials will be resolved for
+ * @param startUrl The start URL (also known as the "User Portal URL") provided by the SSO service
+ * @param ssoRegion The AWS region where the SSO directory for the given [startUrl] is hosted.
+ * @param ssoSessionName The SSO Session name from the profile. If a session name is given an [SsoTokenProvider]
+ * will be used to fetch tokens.
+ * @param httpClient The [HttpClientEngine] instance to use to make requests. NOTE: This engine's resources and lifetime
+ * are NOT managed by the provider. Caller is responsible for closing.
+ * @param platformProvider The platform provider
+ * @param clock The source of time for the provider
  */
 public class SsoCredentialsProvider public constructor(
-    /**
-     * The AWS account ID that temporary AWS credentials will be resolved for
-     */
     public val accountId: String,
-
-    /**
-     * The IAM role in the AWS account that temporary AWS credentials will be resolved for
-     */
     public val roleName: String,
-
-    /**
-     * The start URL (also known as the "User Portal URL") provided by the SSO service
-     */
     public val startUrl: String,
-
-    /**
-     * The AWS region where the SSO directory for the given [startUrl] is hosted.
-     */
     public val ssoRegion: String,
-
-    /**
-     * The SSO Session name from the profile. If a session name is given an [SsoTokenProvider]
-     * will be used to fetch tokens.
-     */
     public val ssoSessionName: String? = null,
-
-    /**
-     * The [HttpClientEngine] instance to use to make requests. NOTE: This engine's resources and lifetime
-     * are NOT managed by the provider. Caller is responsible for closing.
-     */
-    private val httpClient: HttpClientEngine? = null,
-
-    /**
-     * The platform provider
-     */
-    private val platformProvider: PlatformProvider = PlatformProvider.System,
-
-    /**
-     * The source of time for the provider
-     */
+    public val httpClient: HttpClientEngine? = null,
+    public val platformProvider: PlatformProvider = PlatformProvider.System,
     private val clock: Clock = Clock.System,
-
 ) : CredentialsProvider {
 
     private val ssoTokenProvider = ssoSessionName?.let { sessName ->

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/SsoTokenProvider.kt

@@ -60,8 +60,8 @@ public class SsoTokenProvider(
     public val startUrl: String,
     public val ssoRegion: String,
     public val refreshBufferWindow: Duration = DEFAULT_SSO_TOKEN_REFRESH_BUFFER_SECONDS.seconds,
-    private val httpClient: HttpClientEngine? = null,
-    private val platformProvider: PlatformProvider = PlatformProvider.System,
+    public val httpClient: HttpClientEngine? = null,
+    public val platformProvider: PlatformProvider = PlatformProvider.System,
     private val clock: Clock = Clock.System,
 ) : BearerTokenProvider {
 

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/StaticCredentialsProvider.kt

@@ -14,7 +14,7 @@ import aws.smithy.kotlin.runtime.util.Attributes
  *
  * @param credentials The set of static credentials this provider will return
  */
-public class StaticCredentialsProvider public constructor(private val credentials: Credentials) : CredentialsProvider {
+public class StaticCredentialsProvider(public val credentials: Credentials) : CredentialsProvider {
 
     private constructor(builder: Builder) : this(Credentials(builder.accessKeyId!!, builder.secretAccessKey!!, builder.sessionToken))