awslabs · aajtodd · Nov 13, 2023 · Nov 6, 2023 · Nov 7, 2023 · Nov 7, 2023
@@ -0,0 +1,5 @@
+{
+    "id": "38a790e8-0d9a-4dfb-9a8d-05fba0325f1e",
+    "type": "feature",
+    "description": "Enable auth scheme resolution via endpoints for S3 and EventBridge"
+}
@@ -14,7 +14,7 @@ buildscript {
         classpath(libs.kotlinx.atomicfu.plugin)
         classpath("aws.sdk.kotlin:build-plugins") {
             version {
-                require("0.2.8")
+                require("0.2.9")
             }
         }
     }

@@ -11,6 +11,7 @@ import aws.sdk.kotlin.gradle.codegen.dsl.projectionRootDir
 import aws.sdk.kotlin.gradle.codegen.dsl.smithyKotlinPlugin
 import software.amazon.smithy.gradle.tasks.SmithyBuild
 import software.amazon.smithy.model.Model
+import software.amazon.smithy.model.node.Node
 import software.amazon.smithy.model.shapes.ServiceShape
 import java.nio.file.Paths
 import java.util.*
@@ -114,6 +115,20 @@ fun awsServiceProjections(): Provider<List<SmithyProjection>> {
                 imports = importPaths
                 transforms = transformsForService(service) ?: emptyList()
 
+                val packageSettingsFile = file(service.packageSettings)
+                val packageSettings = if (packageSettingsFile.exists()) {
+                    val node = Node.parse(packageSettingsFile.inputStream())
+                    node.asObjectNode().get()
+                } else {
+                    Node.objectNode()
+                }
+
+                if (!packageSettings.isEmpty) {
+                    packageSettings.expectMember("sdkId", "${packageSettingsFile.absolutePath} does not contain member `sdkId`")
+                    val packageSdkId = packageSettings.getStringMember("sdkId").get().value
+                    check(service.sdkId == packageSdkId) { "${packageSettingsFile.absolutePath} `sdkId` ($packageSdkId) does not match expected `${service.sdkId}`" }
+                }
+
                 smithyKotlinPlugin {
                     serviceShapeId = service.serviceShapeId
                     packageName = service.packageName
@@ -124,6 +139,9 @@ fun awsServiceProjections(): Provider<List<SmithyProjection>> {
                         generateFullProject = false
                         generateDefaultBuildFiles = false
                     }
+                    apiSettings {
+                        enableEndpointAuthProvider = packageSettings.getBooleanMember("enableEndpointAuthProvider").orNull()?.value
+                    }
                 }
             }
         }
@@ -286,6 +304,12 @@ val AwsService.modelExtrasDir: String
 val AwsService.transformsDir: String
     get() = rootProject.file("$destinationDir/transforms").absolutePath
 
+/**
+ * Service specific package settings
+ */
+val AwsService.packageSettings: String
+    get() = rootProject.file("$destinationDir/package.json").absolutePath
+
 fun forwardProperty(name: String) {
     getProperty(name)?.let {
         System.setProperty(name, it)

@@ -7,7 +7,6 @@ package aws.sdk.kotlin.codegen
 
 import aws.sdk.kotlin.codegen.protocols.endpoints.*
 import software.amazon.smithy.codegen.core.CodegenException
-import software.amazon.smithy.kotlin.codegen.core.RuntimeTypes
 import software.amazon.smithy.kotlin.codegen.core.useFileWriter
 import software.amazon.smithy.kotlin.codegen.model.buildSymbol
 import software.amazon.smithy.kotlin.codegen.rendering.endpoints.*
@@ -66,13 +65,7 @@ class AwsEndpointDelegator : EndpointDelegator {
 
     override fun generateEndpointResolverAdapter(ctx: ProtocolGenerator.GenerationContext) {
         ctx.delegator.useFileWriter(EndpointResolverAdapterGenerator.getSymbol(ctx.settings)) {
-            EndpointResolverAdapterGenerator(ctx, it) {
-                it.write(
-                    "endpoint.#T?.#T(request.context)",
-                    RuntimeTypes.SmithyClient.Endpoints.signingContext,
-                    RuntimeTypes.Auth.Signing.AwsSigningCommon.mergeInto,
-                )
-            }.render()
+            EndpointResolverAdapterGenerator(ctx, it).render()
         }
     }
 

@@ -5,21 +5,19 @@
 
 package aws.sdk.kotlin.codegen.customization.s3
 
+import aws.sdk.kotlin.codegen.protocols.core.AwsHttpProtocolClientGenerator
+import aws.sdk.kotlin.codegen.protocols.core.putIfAbsent
 import software.amazon.smithy.kotlin.codegen.KotlinSettings
 import software.amazon.smithy.kotlin.codegen.core.KotlinWriter
 import software.amazon.smithy.kotlin.codegen.core.RuntimeTypes
-import software.amazon.smithy.kotlin.codegen.core.withBlock
-import software.amazon.smithy.kotlin.codegen.integration.AuthSchemeHandler
 import software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration
+import software.amazon.smithy.kotlin.codegen.integration.SectionWriterBinding
 import software.amazon.smithy.kotlin.codegen.model.expectShape
-import software.amazon.smithy.kotlin.codegen.model.knowledge.AwsSignatureVersion4
-import software.amazon.smithy.kotlin.codegen.rendering.auth.SigV4AuthSchemeHandler
-import software.amazon.smithy.kotlin.codegen.rendering.protocol.ProtocolGenerator
 import software.amazon.smithy.model.Model
 import software.amazon.smithy.model.shapes.ServiceShape
 
 /**
- * Overrides the SigV4 auth scheme registered by [software.amazon.smithy.kotlin.codegen.rendering.auth.Sigv4AuthSchemeIntegration] for S3.
+ * Set default signing attributes in the execution context (which ultimately becomes the signing context) for S3.
  */
 class S3SigningConfig : KotlinIntegration {
     // auth schemes are de-duped by taking the last one registered
@@ -29,22 +27,14 @@ class S3SigningConfig : KotlinIntegration {
     override fun enabledForService(model: Model, settings: KotlinSettings) =
         model.expectShape<ServiceShape>(settings.service).isS3
 
-    override fun authSchemes(ctx: ProtocolGenerator.GenerationContext): List<AuthSchemeHandler> =
-        listOf(S3AuthSchemeHandler())
-}
-
-private class S3AuthSchemeHandler : SigV4AuthSchemeHandler() {
-    override fun instantiateAuthSchemeExpr(ctx: ProtocolGenerator.GenerationContext, writer: KotlinWriter) {
-        val signingService = AwsSignatureVersion4.signingServiceName(ctx.service)
-        writer.withBlock("#T(", ")", RuntimeTypes.Auth.HttpAuthAws.SigV4AuthScheme) {
-            withBlock("#T.Config().apply {", "}", RuntimeTypes.Auth.HttpAuthAws.AwsHttpSigner) {
-                write("signer = #T", RuntimeTypes.Auth.Signing.AwsSigningStandard.DefaultAwsSigner)
-                write("service = #S", signingService)
-                write("signedBodyHeader = #T.X_AMZ_CONTENT_SHA256", RuntimeTypes.Auth.Signing.AwsSigningCommon.AwsSignedBodyHeader)
-                // https://github.com/awslabs/aws-sdk-kotlin/issues/200
-                writer.write("useDoubleUriEncode = false")
-                writer.write("normalizeUriPath = false")
-            }
-        }
+    override val sectionWriters: List<SectionWriterBinding> = listOf(
+        SectionWriterBinding(AwsHttpProtocolClientGenerator.MergeServiceDefaults, ::renderDefaultSigningContext),
+    )
+    private fun renderDefaultSigningContext(writer: KotlinWriter, previousValue: String?) {
+        val signingAttrs = RuntimeTypes.Auth.Signing.AwsSigningCommon.AwsSigningAttributes
+        // https://github.com/awslabs/aws-sdk-kotlin/issues/200
+        writer.putIfAbsent(signingAttrs, "NormalizeUriPath", "false")
+        writer.putIfAbsent(signingAttrs, "UseDoubleUriEncode", "false")
+        writer.putIfAbsent(signingAttrs, "SignedBodyHeader", writer.format("#T.X_AMZ_CONTENT_SHA256", RuntimeTypes.Auth.Signing.AwsSigningCommon.AwsSignedBodyHeader))
     }
 }
@@ -10,6 +10,8 @@ import software.amazon.smithy.codegen.core.Symbol
 import software.amazon.smithy.kotlin.codegen.core.*
 import software.amazon.smithy.kotlin.codegen.core.RuntimeTypes.Auth.Signing.AwsSigningCommon.AwsSigningAttributes
 import software.amazon.smithy.kotlin.codegen.core.RuntimeTypes.SmithyClient.SdkClientOption
+import software.amazon.smithy.kotlin.codegen.integration.SectionId
+import software.amazon.smithy.kotlin.codegen.integration.SectionKey
 import software.amazon.smithy.kotlin.codegen.integration.SectionWriter
 import software.amazon.smithy.kotlin.codegen.model.hasIdempotentTokenMember
 import software.amazon.smithy.kotlin.codegen.model.knowledge.AwsSignatureVersion4
@@ -31,6 +33,9 @@ open class AwsHttpProtocolClientGenerator(
     middlewares: List<ProtocolMiddleware>,
     httpBindingResolver: HttpBindingResolver,
 ) : HttpProtocolClientGenerator(ctx, middlewares, httpBindingResolver) {
+    object MergeServiceDefaults : SectionId {
+        val GenerationContext: SectionKey<ProtocolGenerator.GenerationContext> = SectionKey("GenerationContext")
+    }
 
     override fun render(writer: KotlinWriter) {
         writer.write("\n\n")
@@ -109,11 +114,13 @@ open class AwsHttpProtocolClientGenerator(
             if (ctx.service.hasIdempotentTokenMember(ctx.model)) {
                 putIfAbsent(SdkClientOption, "IdempotencyTokenProvider", nullable = true)
             }
+
+            writer.declareSection(MergeServiceDefaults)
         }
     }
 }
 
-private fun KotlinWriter.putIfAbsent(
+internal fun KotlinWriter.putIfAbsent(
     attributesSymbol: Symbol,
     name: String,
     literalValue: String? = null,

@@ -5,6 +5,7 @@
 package aws.sdk.kotlin.codegen.protocols.endpoints
 
 import aws.sdk.kotlin.codegen.AwsRuntimeTypes
+import software.amazon.smithy.codegen.core.Symbol
 import software.amazon.smithy.kotlin.codegen.core.KotlinWriter
 import software.amazon.smithy.kotlin.codegen.core.RuntimeTypes
 import software.amazon.smithy.kotlin.codegen.core.withBlock
@@ -24,10 +25,10 @@ val awsEndpointPropertyRenderers = mapOf(
     "authSchemes" to ::renderAuthSchemes,
 )
 
-private fun String.toSigningContextClassName(): String? =
+private fun String.toAuthOptionFactoryFn(): Symbol? =
     when (this) {
-        "sigv4" -> "SigV4"
-        "sigv4a" -> "SigV4A"
+        "sigv4" -> RuntimeTypes.Auth.HttpAuthAws.sigV4
+        "sigv4a" -> RuntimeTypes.Auth.HttpAuthAws.sigV4A
         else -> null
     }
 
@@ -37,16 +38,16 @@ private fun renderAuthSchemes(writer: KotlinWriter, authSchemes: Expression, exp
         authSchemes.toNode().expectArrayNode().forEach {
             val scheme = it.expectObjectNode()
             val schemeName = scheme.expectStringMember("name").value
-            val className = schemeName.toSigningContextClassName() ?: return@forEach
+            val authFactoryFn = schemeName.toAuthOptionFactoryFn() ?: return@forEach
 
-            withBlock("#T.#L(", "),", RuntimeTypes.SmithyClient.Endpoints.SigningContext, className) {
+            withBlock("#T(", "),", authFactoryFn) {
                 // we delegate back to the expression visitor for each of these fields because it's possible to
                 // encounter template strings throughout
 
-                writeInline("signingName = ")
+                writeInline("serviceName = ")
                 renderOrElse(expressionRenderer, scheme.getStringMember("signingName"), "null")
 
-                writeInline("disableDoubleEncoding = ")
+                writeInline("disableDoubleUriEncode = ")
                 renderOrElse(expressionRenderer, scheme.getBooleanMember("disableDoubleEncoding"), "false")
 
                 when (schemeName) {

@@ -7,7 +7,7 @@ coroutines-version = "1.7.3"
 atomicfu-version = "0.22.0"
 
 # smithy-kotlin codegen and runtime are versioned together
-smithy-kotlin-version = "0.28.1"
+smithy-kotlin-version = "0.28.2-SNAPSHOT"
 
 # codegen
 smithy-version = "1.39.0"

@@ -13,10 +13,16 @@ import java.util.*
 
 class SmithyKotlinApiSettings : ToNode {
     var visibility: String? = null
+    var nullabilityCheckMode: String? = null
+    var defaultValueSerializationMode: String? = null
+    var enableEndpointAuthProvider: Boolean? = null
 
     override fun toNode(): Node {
         val builder = ObjectNode.objectNodeBuilder()
         builder.withNullableMember("visibility", visibility)
+        builder.withNullableMember("nullabilityCheckMode", nullabilityCheckMode)
+        builder.withNullableMember("defaultValueSerializationMode", defaultValueSerializationMode)
+        builder.withNullableMember("enableEndpointAuthProvider", enableEndpointAuthProvider)
         return builder.build()
     }
 }

@@ -0,0 +1,4 @@
+{
+  "sdkId": "EventBridge",
+  "enableEndpointAuthProvider": true
+}
@@ -0,0 +1,4 @@
+{
+  "sdkId": "S3",
+  "enableEndpointAuthProvider": true
+}