diff --git a/services/polly/src/main/java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java b/services/polly/src/main/java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java
index a02a7a94be58..92f68a5ee373 100644
--- a/services/polly/src/main/java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java
+++ b/services/polly/src/main/java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java
@@ -48,16 +48,12 @@
 import software.amazon.awssdk.core.signer.Signer;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
-import software.amazon.awssdk.http.auth.aws.scheme.AwsV4AuthScheme;
-import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
 import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
 import software.amazon.awssdk.identity.spi.IdentityProvider;
-import software.amazon.awssdk.identity.spi.IdentityProviders;
 import software.amazon.awssdk.profiles.ProfileFile;
 import software.amazon.awssdk.profiles.ProfileFileSystemSetting;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain;
-import software.amazon.awssdk.services.polly.auth.scheme.PollyAuthSchemeProvider;
 import software.amazon.awssdk.services.polly.internal.presigner.model.transform.SynthesizeSpeechRequestMarshaller;
 import software.amazon.awssdk.services.polly.model.PollyRequest;
 import software.amazon.awssdk.services.polly.presigner.PollyPresigner;
@@ -67,6 +63,9 @@ import software.amazon.awssdk.utils.IoUtils; import software.amazon.awssdk.utils.Validate; +// TODO(sra-identity-auth): Move to SRA I&A. Note, until we expose ability configuration for the SRA interfaces, like +// AuthSchemeProvider (directly or via Plugins), there isn't any real customer benefit to moving to SRA, other than just getting +// off the old deprecated Signer interface. /** * Default implementation of {@link PollyPresigner}. */ @@ -186,6 +185,7 @@ private void initializePresignedRequest(PresignedRequest.Builder presignedReques private SdkHttpFullRequest presignRequest(PollyRequest requestToPresign, SdkHttpFullRequest marshalledRequest, ExecutionAttributes executionAttributes) { + // TODO(sra-identity-auth): Move to SRA HttpSigner Presigner presigner = resolvePresigner(requestToPresign); SdkHttpFullRequest presigned = presigner.presign(marshalledRequest, executionAttributes); List signedHeadersQueryParam = presigned.firstMatchingRawQueryParameters("X-Amz-SignedHeaders"); 
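Review bot: The TODO added above the class Javadoc of DefaultPollyPresigner has a garbled clause, "until we expose ability configuration for the SRA interfaces", so the condition under which the migration becomes worthwhile is hard to read. Presumably it means the ability to configure those interfaces; if so, the first line could read `// TODO(sra-identity-auth): Move to SRA I&A. Until the SRA interfaces, like AuthSchemeProvider, can be configured` and continue unchanged from "(directly or via Plugins)". The identical comment is added to DefaultS3Presigner in the -111,6 hunk and would take the same wording. Since the comment records that presigning stays on the deprecated Signer interface, a reference to the tracking issue would make the deferred work discoverable outside the source.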
@@ -208,19 +208,25 @@ private ExecutionAttributes createExecutionAttributes(PresignRequest presignRequ .putAttribute(SdkInternalExecutionAttribute.IS_FULL_DUPLEX, false) .putAttribute(SdkExecutionAttribute.CLIENT_TYPE, ClientType.SYNC) .putAttribute(SdkExecutionAttribute.SERVICE_NAME, SERVICE_NAME) - .putAttribute(PRESIGNER_EXPIRATION, signatureExpiration) + .putAttribute(PRESIGNER_EXPIRATION, signatureExpiration); + // TODO(sra-identity-auth): Uncomment when switching to useSraAuth=true + /* .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_RESOLVER, PollyAuthSchemeProvider.defaultProvider()) .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEMES, authSchemes()) .putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS, IdentityProviders.builder() .putIdentityProvider(credentialsProvider()) .build()); + */ } + // TODO(sra-identity-auth): Uncomment when switching to useSraAuth=true + /* private Map> authSchemes() { AwsV4AuthScheme awsV4AuthScheme = AwsV4AuthScheme.create(); return Collections.singletonMap(awsV4AuthScheme.schemeId(), awsV4AuthScheme); } + */ private IdentityProvider resolveCredentialsProvider(PollyRequest request) { return request.overrideConfiguration().flatMap(AwsRequestOverrideConfiguration::credentialsIdentityProvider) diff --git a/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java b/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java index 451f870e5987..a3ade54fba41 100644 --- a/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java +++ b/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java @@ -24,7 +24,6 @@ import java.time.Instant; import java.util.ArrayList; import java.util.Collections; -import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Optional; 
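Review bot: In createExecutionAttributes of DefaultPollyPresigner the AUTH_SCHEME_RESOLVER, AUTH_SCHEMES and IDENTITY_PROVIDERS attributes are disabled by wrapping them in `/* ... */`, and authSchemes() is commented out the same way, while the imports they need (AwsV4AuthScheme, AuthScheme, IdentityProviders, PollyAuthSchemeProvider) are deleted in the first hunk, so the block will not compile when uncommented and the compiler cannot keep it correct in the meantime. Prefer deleting the dead code and keeping only a comment such as `// TODO(sra-identity-auth): restore AUTH_SCHEME_RESOLVER, AUTH_SCHEMES and IDENTITY_PROVIDERS when switching to useSraAuth=true`, leaving the removed lines to version control. The same pattern appears in DefaultS3Presigner at -370,13 and at -404,6 / -412,6. Because IDENTITY_PROVIDERS is no longer populated from credentialsProvider(), the identity that signs the URL presumably comes only from the legacy path around resolveCredentialsProvider; a test asserting that a request-level credentials override is the identity used for the presigned URL would pin that behaviour. The method starts outside the hunk.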
@@ -62,16 +61,10 @@
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
 import software.amazon.awssdk.http.SdkHttpRequest;
-import software.amazon.awssdk.http.auth.aws.scheme.AwsV4AuthScheme;
-import software.amazon.awssdk.http.auth.aws.scheme.AwsV4aAuthScheme;
-import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
-import software.amazon.awssdk.identity.spi.IdentityProviders;
 import software.amazon.awssdk.metrics.NoOpMetricCollector;
 import software.amazon.awssdk.protocols.xml.AwsS3ProtocolFactory;
 import software.amazon.awssdk.regions.ServiceMetadataAdvancedOption;
 import software.amazon.awssdk.services.s3.S3Configuration;
-import software.amazon.awssdk.services.s3.auth.scheme.S3AuthSchemeProvider;
-import software.amazon.awssdk.services.s3.auth.scheme.internal.S3AuthSchemeInterceptor;
 import software.amazon.awssdk.services.s3.endpoints.S3ClientContextParams;
 import software.amazon.awssdk.services.s3.endpoints.S3EndpointProvider;
 import software.amazon.awssdk.services.s3.endpoints.internal.S3RequestSetEndpointInterceptor;
@@ -111,6 +104,9 @@
 import software.amazon.awssdk.utils.Logger;
 import software.amazon.awssdk.utils.Validate;
+// TODO(sra-identity-auth): Move to SRA I&A. Note, until we expose ability configuration for the SRA interfaces, like
+// AuthSchemeProvider (directly or via Plugins), there isn't any real customer benefit to moving to SRA, other than just getting
+// off the old deprecated Signer interface.
 /**
 * The default implementation of the {@link S3Presigner} interface.
 */
@@ -209,7 +205,8 @@ private List initializeInterceptors() { List s3Interceptors = interceptorFactory.getInterceptors("software/amazon/awssdk/services/s3/execution.interceptors"); List additionalInterceptors = new ArrayList<>(); - additionalInterceptors.add(new S3AuthSchemeInterceptor()); + // TODO(sra-identity-auth): Uncomment when S3 swithces to useSraAuth=true + // additionalInterceptors.add(new S3AuthSchemeInterceptor()); additionalInterceptors.add(new S3ResolveEndpointInterceptor()); additionalInterceptors.add(new S3RequestSetEndpointInterceptor()); s3Interceptors = mergeLists(s3Interceptors, additionalInterceptors); @@ -370,13 +367,16 @@ private ExecutionContext invokeInterceptorsAndCreateExecutionContext(PresignRequ .putAttribute(AwsExecutionAttribute.DUALSTACK_ENDPOINT_ENABLED, serviceConfiguration.dualstackEnabled()) .putAttribute(SdkInternalExecutionAttribute.ENDPOINT_PROVIDER, S3EndpointProvider.defaultProvider()) .putAttribute(AwsExecutionAttribute.USE_GLOBAL_ENDPOINT, useGlobalEndpointResolver.resolve(region())) - .putAttribute(SdkInternalExecutionAttribute.CLIENT_CONTEXT_PARAMS, clientContextParams) + .putAttribute(SdkInternalExecutionAttribute.CLIENT_CONTEXT_PARAMS, clientContextParams); + // TODO(sra-identity-auth): Uncomment when switching to useSraAuth=true + /* .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_RESOLVER, S3AuthSchemeProvider.defaultProvider()) .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEMES, authSchemes()) .putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS, IdentityProviders.builder() .putIdentityProvider(credentialsProvider()) .build()); + */ ExecutionInterceptorChain executionInterceptorChain = new ExecutionInterceptorChain(clientInterceptors); 
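Review bot: In initializeInterceptors the S3AuthSchemeInterceptor is dropped from additionalInterceptors by commenting the line out, and the TODO above it misspells "switches" as `swithces`; the same typo is in the TODO above authSchemes() in the -404,6 hunk. Suggested replacement for both lines: `// TODO(sra-identity-auth): Re-add S3AuthSchemeInterceptor when S3 switches to useSraAuth=true`, with the commented-out statement removed. With the interceptor gone and authSchemes(), which registered both AwsV4AuthScheme and AwsV4aAuthScheme, disabled, the signer used for presigning is whatever the remaining legacy path selects, and that selection is not visible in this diff. If any presigned request type depends on the V4a scheme, a presigner test for it would confirm that the signature algorithm in the generated URL is unchanged by this commit.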
@@ -386,6 +386,9 @@ private ExecutionContext invokeInterceptorsAndCreateExecutionContext(PresignRequ interceptorContext = AwsExecutionContextBuilder.runInitialInterceptors(interceptorContext, executionAttributes, executionInterceptorChain); + + + // TODO(sra-identity-auth): To move to SRA, use HttpSigner and Identity from SelectedAuthScheme AwsCredentialsAuthorizationStrategy authorizationContext = AwsCredentialsAuthorizationStrategy.builder() .request(interceptorContext.request()) @@ -404,6 +407,8 @@ private ExecutionContext invokeInterceptorsAndCreateExecutionContext(PresignRequ .build(); } + // TODO(sra-identity-auth): Uncomment when S3 swithces to useSraAuth=true + /* private Map> authSchemes() { Map> schemes = new HashMap<>(2); AwsV4AuthScheme awsV4AuthScheme = AwsV4AuthScheme.create(); @@ -412,6 +417,7 @@ private Map> authSchemes() { schemes.put(awsV4aAuthScheme.schemeId(), awsV4aAuthScheme); return Collections.unmodifiableMap(schemes); } + */ /** * Call the before-marshalling interceptor hooks. @@ -512,6 +518,7 @@ private SdkHttpFullRequest getHttpFullRequest(ExecutionContext execCtx) { /** * Presign the provided HTTP request. */ + // TODO(sra-identity-auth): Move to SRA HttpSigner private SdkHttpFullRequest presignRequest(ExecutionContext execCtx, SdkHttpFullRequest request) { Presigner presigner = Validate.isInstanceOf(Presigner.class, execCtx.signer(), "Configured signer (%s) does not support presigning (must implement %s).",
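Review bot: In the last hunk the TODO for presignRequest is placed between the method's Javadoc and its signature, which separates the doc comment from the declaration it documents. In DefaultPollyPresigner the same TODO is the first line inside presignRequest's body, so the two presigners now differ in where the marker lives. For consistency, put `// TODO(sra-identity-auth): Move to SRA HttpSigner` as the first line of the body, directly above `Presigner presigner = Validate.isInstanceOf(Presigner.class, execCtx.signer(),`. The method body continues past the end of the hunk.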