From aa8a040a697b03476beb2691031af031fafe19a0 Mon Sep 17 00:00:00 2001
From: Jaykumar Gosar
Date: Tue, 3 Oct 2023 15:25:22 -0700
Subject: [PATCH] Revert "Revert Presigners to pre SRA Identity & Auth (#4515)"

This reverts commit cadb6abe57eca7da8cc985c77942dacd743e9566.
---
 .../presigner/DefaultPollyPresigner.java | 16 ++++--------
 .../internal/signing/DefaultS3Presigner.java | 25 +++++++------------
 2 files changed, 14 insertions(+), 27 deletions(-)

diff --git a/services/polly/src/main/java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java b/services/polly/src/main/java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java
index 92f68a5ee373..a02a7a94be58 100644
--- a/services/polly/src/main/java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java
+++ b/services/polly/src/main/java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java
@@ -48,12 +48,16 @@
 import software.amazon.awssdk.core.signer.Signer;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.http.auth.aws.scheme.AwsV4AuthScheme;
+import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
 import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
 import software.amazon.awssdk.identity.spi.IdentityProvider;
+import software.amazon.awssdk.identity.spi.IdentityProviders;
 import software.amazon.awssdk.profiles.ProfileFile;
 import software.amazon.awssdk.profiles.ProfileFileSystemSetting;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain;
+import software.amazon.awssdk.services.polly.auth.scheme.PollyAuthSchemeProvider;
 import software.amazon.awssdk.services.polly.internal.presigner.model.transform.SynthesizeSpeechRequestMarshaller;
 import software.amazon.awssdk.services.polly.model.PollyRequest;
 import software.amazon.awssdk.services.polly.presigner.PollyPresigner;
@@ -63,9 +67,6 @@
 import software.amazon.awssdk.utils.IoUtils;
 import software.amazon.awssdk.utils.Validate;

-// TODO(sra-identity-auth): Move to SRA I&A. Note, until we expose ability configuration for the SRA interfaces, like
-// AuthSchemeProvider (directly or via Plugins), there isn't any real customer benefit to moving to SRA, other than just getting
-// off the old deprecated Signer interface.
 /**
 * Default implementation of {@link PollyPresigner}.
 */
@@ -185,7 +186,6 @@ private void initializePresignedRequest(PresignedRequest.Builder presignedReques private SdkHttpFullRequest presignRequest(PollyRequest requestToPresign, SdkHttpFullRequest marshalledRequest, ExecutionAttributes executionAttributes) { - // TODO(sra-identity-auth): Move to SRA HttpSigner Presigner presigner = resolvePresigner(requestToPresign); SdkHttpFullRequest presigned = presigner.presign(marshalledRequest, executionAttributes); List signedHeadersQueryParam = presigned.firstMatchingRawQueryParameters("X-Amz-SignedHeaders");
@@ -208,25 +208,19 @@ private ExecutionAttributes createExecutionAttributes(PresignRequest presignRequ .putAttribute(SdkInternalExecutionAttribute.IS_FULL_DUPLEX, false) .putAttribute(SdkExecutionAttribute.CLIENT_TYPE, ClientType.SYNC) .putAttribute(SdkExecutionAttribute.SERVICE_NAME, SERVICE_NAME) - .putAttribute(PRESIGNER_EXPIRATION, signatureExpiration); - // TODO(sra-identity-auth): Uncomment when switching to useSraAuth=true - /* + .putAttribute(PRESIGNER_EXPIRATION, signatureExpiration) .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_RESOLVER, PollyAuthSchemeProvider.defaultProvider()) .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEMES, authSchemes()) .putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS, IdentityProviders.builder() .putIdentityProvider(credentialsProvider()) .build()); - */ } - // TODO(sra-identity-auth): Uncomment when switching to useSraAuth=true - /* private Map> authSchemes() { AwsV4AuthScheme awsV4AuthScheme = AwsV4AuthScheme.create(); return Collections.singletonMap(awsV4AuthScheme.schemeId(), awsV4AuthScheme); } - */ private IdentityProvider resolveCredentialsProvider(PollyRequest request) { return request.overrideConfiguration().flatMap(AwsRequestOverrideConfiguration::credentialsIdentityProvider)
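Review bot: A per-request credentials override may not reach the new `IDENTITY_PROVIDERS` attribute: in the `createExecutionAttributes` hunk it is built with `.putIdentityProvider(credentialsProvider())`, while the trailing context shows `resolveCredentialsProvider(PollyRequest request)` consulting `overrideConfiguration()` for a request-level `credentialsIdentityProvider` first. If any SRA step resolves the signing identity from this attribute (not visible here), a URL could be presigned under the presigner's default identity rather than the one the caller supplied. I would register the already-resolved provider where the request is in scope, or at least add a comment such as `// Request-level credential overrides are applied by resolveCredentialsProvider(), not via IDENTITY_PROVIDERS`, and cover the override case with a test. The S3 hunk at `-367,16` registers `credentialsProvider()` the same way; both method bodies extend outside their hunks.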
diff --git a/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java b/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java
index a3ade54fba41..451f870e5987 100644
--- a/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java
+++ b/services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java
@@ -24,6 +24,7 @@
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -61,10 +62,16 @@
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
 import software.amazon.awssdk.http.SdkHttpRequest;
+import software.amazon.awssdk.http.auth.aws.scheme.AwsV4AuthScheme;
+import software.amazon.awssdk.http.auth.aws.scheme.AwsV4aAuthScheme;
+import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
+import software.amazon.awssdk.identity.spi.IdentityProviders;
 import software.amazon.awssdk.metrics.NoOpMetricCollector;
 import software.amazon.awssdk.protocols.xml.AwsS3ProtocolFactory;
 import software.amazon.awssdk.regions.ServiceMetadataAdvancedOption;
 import software.amazon.awssdk.services.s3.S3Configuration;
+import software.amazon.awssdk.services.s3.auth.scheme.S3AuthSchemeProvider;
+import software.amazon.awssdk.services.s3.auth.scheme.internal.S3AuthSchemeInterceptor;
 import software.amazon.awssdk.services.s3.endpoints.S3ClientContextParams;
 import software.amazon.awssdk.services.s3.endpoints.S3EndpointProvider;
 import software.amazon.awssdk.services.s3.endpoints.internal.S3RequestSetEndpointInterceptor;
@@ -104,9 +111,6 @@
 import software.amazon.awssdk.utils.Logger;
 import software.amazon.awssdk.utils.Validate;

-// TODO(sra-identity-auth): Move to SRA I&A. Note, until we expose ability configuration for the SRA interfaces, like
-// AuthSchemeProvider (directly or via Plugins), there isn't any real customer benefit to moving to SRA, other than just getting
-// off the old deprecated Signer interface.
 /**
 * The default implementation of the {@link S3Presigner} interface.
 */
@@ -205,8 +209,7 @@ private List initializeInterceptors() { List s3Interceptors = interceptorFactory.getInterceptors("software/amazon/awssdk/services/s3/execution.interceptors"); List additionalInterceptors = new ArrayList<>(); - // TODO(sra-identity-auth): Uncomment when S3 swithces to useSraAuth=true - // additionalInterceptors.add(new S3AuthSchemeInterceptor()); + additionalInterceptors.add(new S3AuthSchemeInterceptor()); additionalInterceptors.add(new S3ResolveEndpointInterceptor()); additionalInterceptors.add(new S3RequestSetEndpointInterceptor()); s3Interceptors = mergeLists(s3Interceptors, additionalInterceptors);
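Review bot: The order of the three `additionalInterceptors.add(...)` calls is undocumented although it is probably load-bearing: the new `S3AuthSchemeInterceptor` is registered ahead of `S3ResolveEndpointInterceptor` and `S3RequestSetEndpointInterceptor`. If endpoint resolution is expected to see or adjust the auth scheme chosen by the first interceptor (not visible here), a later reorder would change how presigned URLs are signed without any compile error. A one-line comment above the calls, e.g. `// Order matters: auth scheme selection must run before endpoint resolution.`, would protect it, provided that is the intent. `initializeInterceptors` starts and ends outside the hunk.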
@@ -367,16 +370,13 @@ private ExecutionContext invokeInterceptorsAndCreateExecutionContext(PresignRequ .putAttribute(AwsExecutionAttribute.DUALSTACK_ENDPOINT_ENABLED, serviceConfiguration.dualstackEnabled()) .putAttribute(SdkInternalExecutionAttribute.ENDPOINT_PROVIDER, S3EndpointProvider.defaultProvider()) .putAttribute(AwsExecutionAttribute.USE_GLOBAL_ENDPOINT, useGlobalEndpointResolver.resolve(region())) - .putAttribute(SdkInternalExecutionAttribute.CLIENT_CONTEXT_PARAMS, clientContextParams); - // TODO(sra-identity-auth): Uncomment when switching to useSraAuth=true - /* + .putAttribute(SdkInternalExecutionAttribute.CLIENT_CONTEXT_PARAMS, clientContextParams) .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_RESOLVER, S3AuthSchemeProvider.defaultProvider()) .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEMES, authSchemes()) .putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS, IdentityProviders.builder() .putIdentityProvider(credentialsProvider()) .build()); - */ ExecutionInterceptorChain executionInterceptorChain = new ExecutionInterceptorChain(clientInterceptors);
@@ -386,9 +386,6 @@ private ExecutionContext invokeInterceptorsAndCreateExecutionContext(PresignRequ interceptorContext = AwsExecutionContextBuilder.runInitialInterceptors(interceptorContext, executionAttributes, executionInterceptorChain); - - - // TODO(sra-identity-auth): To move to SRA, use HttpSigner and Identity from SelectedAuthScheme AwsCredentialsAuthorizationStrategy authorizationContext = AwsCredentialsAuthorizationStrategy.builder() .request(interceptorContext.request())
@@ -407,8 +404,6 @@ private ExecutionContext invokeInterceptorsAndCreateExecutionContext(PresignRequ
 .build();
 }

- // TODO(sra-identity-auth): Uncomment when S3 swithces to useSraAuth=true
- /*
 private Map> authSchemes() {
 Map> schemes = new HashMap<>(2);
 AwsV4AuthScheme awsV4AuthScheme = AwsV4AuthScheme.create();
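Review bot: Two code paths can now decide which credentials sign an S3 presigned URL, and nothing in the file says which one is authoritative: the `-367,16` hunk populates `AUTH_SCHEME_RESOLVER`, `AUTH_SCHEMES` and `IDENTITY_PROVIDERS`, while the unchanged context of `-386,9` still builds an `AwsCredentialsAuthorizationStrategy` from `interceptorContext.request()`. That same hunk deletes the only comment recording that identity and signer were meant to come from the selected auth scheme. I would leave a short marker above the strategy builder, e.g. `// Signer and credentials are still resolved via AwsCredentialsAuthorizationStrategy, not from the selected auth scheme.`, if that is still accurate after this change. The Polly presigner has the same shape: `-185,7` drops its TODO while `resolvePresigner(...)` and `presigner.presign(...)` remain. `invokeInterceptorsAndCreateExecutionContext` starts and ends outside these hunks.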
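Review bot: `authSchemes()` rebuilds an identical map on every presign call, since `invokeInterceptorsAndCreateExecutionContext` passes `authSchemes()` straight into `putAttribute`; each call allocates a `HashMap`, the scheme objects and an unmodifiable wrapper. If the objects returned by `create()` are stateless (not shown here), building the map once into a `private static final` field and passing that constant would be simpler and cheaper. The Polly `authSchemes()` in the `-208,25` hunk could be hoisted the same way. The method is split across this hunk and the next one, with the lines between them not shown.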
@@ -417,7 +412,6 @@ private Map> authSchemes() {
 schemes.put(awsV4aAuthScheme.schemeId(), awsV4aAuthScheme);
 return Collections.unmodifiableMap(schemes);
 }
- */

 /**
 * Call the before-marshalling interceptor hooks.
@@ -518,7 +512,6 @@ private SdkHttpFullRequest getHttpFullRequest(ExecutionContext execCtx) { /** * Presign the provided HTTP request. */ - // TODO(sra-identity-auth): Move to SRA HttpSigner private SdkHttpFullRequest presignRequest(ExecutionContext execCtx, SdkHttpFullRequest request) { Presigner presigner = Validate.isInstanceOf(Presigner.class, execCtx.signer(), "Configured signer (%s) does not support presigning (must implement %s).",