feat: enable auth resolution via endpoints

[aajtodd]

Issue #

upstream: smithy-lang/smithy-kotlin#993

Description of changes

Enable using endpoint resolution as a way of resolving auth schemes for select services (S3 and EventBridge). This comes as a requirement from SRA for these services where their auth scheme rules are intimately tied to endpoints. This is an opt-in codegen feature since most services don't need this.

Also refactors the way S3 signing properties are set by defaulting them in the execution context rather than overriding the auth scheme instantiation expression. This ends up being a better customer experience if someone wants to override existing auth schemes (e.g. to replace the signer only) as they don't have to know about all the other S3 specific signer settings.

Testing

Tested against an MRAP bucket

val sigV4AScheme = SigV4AsymmetricAuthScheme(CrtAwsSigner)

S3Client.fromEnvironment {
    logMode = LogMode.LogRequest
    disableMrap = false
    authSchemes = listOf(sigV4AScheme)
}.use { s3 ->
    s3.putObject {
        bucket = "<redacted>.mrap"
        key = "test-mrap.txt"
        body = ByteStream.fromString("Hello MRAP!")
    }

    s3.listObjectsV2 {
        bucket = "<redacted>.mrap"
    }.contents.orEmpty().forEach(::println)
}

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[github-actions]

A new generated diff is ready to view.

• AWS SDK (ignoring whitespace)

[github-actions]

A new generated diff is ready to view.

• AWS SDK (ignoring whitespace)

[lauzadis]

question: this issue is closed, is it still relevant?

[ianbotsf]

This is here to remind us why path normalization and single URI encoding are important for S3.

[aajtodd]

Yeah I left it as a clue for posterity about why we care about this and where the requirements come from.

[lauzadis]

question/nit: Is package.json already an established name for SDK client codegen configuration? I think something like config.json makes more sense

[aajtodd]

No established name, I don't have a strong preference. I think I went with package.json because that is what was proposed in the publishing QA doc. @ianbotsf do you have any preference?

[ianbotsf]

I don't have a preference on the name—either package.json or config.json sounds fine to me.

Taking a closer look at this now, does Smithy not already have a way to handle this? If not, should we consider moving this kind of functionality up into the smithy-kotlin later?

[aajtodd]

Handle what? This is custom logic to feed into smithy-build.json.

[github-actions]

A new generated diff is ready to view.

• AWS SDK (ignoring whitespace)

[ianbotsf]

Question: I'm a little confused by this logic. It looks like if the file doesn't exist or contains only {} then we won't assert the existence of an sdkId...why is that? Shouldn't it be an error if the file exists and is malformed?

val packageSettingsFile = file(service.packageSettings)
if (packageSettingsFile.exists()) {
    val node = Node.parse(packageSettingsFile.inputStream()).asObjectNode().get()
    node.expectMember("sdkId", "${packageSettingsFile.absolutePath} does not contain member `sdkId`")
    val packageSdkId = node.getStringMember("sdkId").get().value
    check(service.sdkId == packageSdkId) { "${packageSettingsFile.absolutePath} `sdkId` ($packageSdkId) does not match expected `${service.sdkId}`" }
}

[ianbotsf]

This is here to remind us why path normalization and single URI encoding are important for S3.

[github-actions]

A new generated diff is ready to view.

• AWS SDK (ignoring whitespace)

[github-actions]

A new generated diff is ready to view.

• AWS SDK (ignoring whitespace)

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

No Coverage information
0.0% Duplication

[github-actions]

A new generated diff is ready to view.

• AWS SDK (ignoring whitespace)