From 4e65c3ee0d9182a1613110d1586d0eb73c36885a Mon Sep 17 00:00:00 2001 From: Steven Yuan Date: Fri, 8 Sep 2023 15:18:26 -0700 Subject: [PATCH] feat(experimentalIdentityAndAuth): customize `@httpBearerAuth` identity providers (#5169) Register `AwsCustomizeHttpBearerTokenAuthPlugin` integration to customize `@httpBearerAuth` to use: - Browser: a function that throws an error saying `token` is missing - Node.js: `nodeProvider` from `@aws-sdk/token-providers` --- .../codegen/AddTokenAuthPlugin.java | 14 ++++- .../aws/typescript/codegen/AwsDependency.java | 6 +- ...AwsCustomizeHttpBearerTokenAuthPlugin.java | 59 +++++++++++++++++++ ....codegen.integration.TypeScriptIntegration | 1 + 4 files changed, 76 insertions(+), 4 deletions(-) create mode 100644 codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsCustomizeHttpBearerTokenAuthPlugin.java diff --git a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddTokenAuthPlugin.java b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddTokenAuthPlugin.java index c82d8c9703ba3..00484b2a90cf2 100644 --- a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddTokenAuthPlugin.java +++ b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddTokenAuthPlugin.java @@ -20,6 +20,7 @@ import static software.amazon.smithy.typescript.codegen.integration.RuntimeClientPlugin.Convention.HAS_MIDDLEWARE; import java.util.List; +import software.amazon.smithy.typescript.codegen.TypeScriptSettings; import software.amazon.smithy.typescript.codegen.integration.RuntimeClientPlugin; import software.amazon.smithy.typescript.codegen.integration.TypeScriptIntegration; import software.amazon.smithy.utils.ListUtils; @@ -27,21 +28,30 @@ /** * Configure clients with Token auth configurations and plugin. + * + * This is the existing control behavior for `experimentalIdentityAndAuth`. */ @SmithyInternalApi public final class AddTokenAuthPlugin implements TypeScriptIntegration { + + /** + * Integration should only be used if `experimentalIdentityAndAuth` flag is false. + */ + @Override + public boolean matchesSettings(TypeScriptSettings settings) { + return !settings.getExperimentalIdentityAndAuth(); + } + @Override public List getClientPlugins() { return ListUtils.of( RuntimeClientPlugin.builder() .withConventions(AwsDependency.MIDDLEWARE_TOKEN.dependency, "Token", HAS_CONFIG) .servicePredicate((m, s) -> isHttpBearerAuthService(s)) - .settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth()) .build(), RuntimeClientPlugin.builder() .withConventions(AwsDependency.MIDDLEWARE_TOKEN.dependency, "Token", HAS_MIDDLEWARE) .servicePredicate((m, s) -> isHttpBearerAuthService(s)) - .settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth()) .build() ); } diff --git a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AwsDependency.java b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AwsDependency.java index 393a3d8cb27ed..3bf1711a1e413 100644 --- a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AwsDependency.java +++ b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AwsDependency.java @@ -83,7 +83,10 @@ public enum AwsDependency implements PackageContainer, SymbolDependencyContainer FLEXIBLE_CHECKSUMS_MIDDLEWARE(NORMAL_DEPENDENCY, "@aws-sdk/middleware-flexible-checksums"), // Conditionally added when auth trait is present - MIDDLEWARE_API_KEY(NORMAL_DEPENDENCY, "@aws-sdk/middleware-api-key"); + MIDDLEWARE_API_KEY(NORMAL_DEPENDENCY, "@aws-sdk/middleware-api-key"), + + // feat(experimentalIdentityAndAuth): Conditionally added when @httpBearerAuth is used in an AWS service + TOKEN_PROVIDERS(NORMAL_DEPENDENCY, "@aws-sdk/token-providers"); public final String packageName; public final String version; @@ -140,4 +143,3 @@ private static String expectVersion(String packageName) { } } } - diff --git a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsCustomizeHttpBearerTokenAuthPlugin.java b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsCustomizeHttpBearerTokenAuthPlugin.java new file mode 100644 index 0000000000000..ae949dcbb50af --- /dev/null +++ b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsCustomizeHttpBearerTokenAuthPlugin.java @@ -0,0 +1,59 @@ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0 + */ + +package software.amazon.smithy.aws.typescript.codegen.auth.http.integration; + +import java.util.List; +import software.amazon.smithy.aws.typescript.codegen.AwsDependency; +import software.amazon.smithy.model.traits.HttpBearerAuthTrait; +import software.amazon.smithy.typescript.codegen.LanguageTarget; +import software.amazon.smithy.typescript.codegen.TypeScriptSettings; +import software.amazon.smithy.typescript.codegen.auth.http.HttpAuthScheme; +import software.amazon.smithy.typescript.codegen.auth.http.SupportedHttpAuthSchemesIndex; +import software.amazon.smithy.typescript.codegen.auth.http.integration.AddHttpBearerAuthPlugin; +import software.amazon.smithy.typescript.codegen.auth.http.integration.HttpAuthTypeScriptIntegration; +import software.amazon.smithy.utils.SmithyInternalApi; + +/** + * Customize @httpBearerAuth for AWS SDKs. + * + * This is the experimental behavior for `experimentalIdentityAndAuth`. + */ +@SmithyInternalApi +public final class AwsCustomizeHttpBearerTokenAuthPlugin implements HttpAuthTypeScriptIntegration { + + /** + * Integration should only be used if `experimentalIdentityAndAuth` flag is true. + */ + @Override + public boolean matchesSettings(TypeScriptSettings settings) { + return settings.getExperimentalIdentityAndAuth(); + } + + /** + * Run after default AddHttpBearerAuthPlugin. + */ + @Override + public List runAfter() { + return List.of(AddHttpBearerAuthPlugin.class.getCanonicalName()); + } + + @Override + public void customizeSupportedHttpAuthSchemes(SupportedHttpAuthSchemesIndex supportedHttpAuthSchemesIndex) { + HttpAuthScheme authScheme = supportedHttpAuthSchemesIndex.getHttpAuthScheme(HttpBearerAuthTrait.ID).toBuilder() + // Current behavior of unconfigured `token` is to throw an error. + // This may need to be customized if a service is released with multiple auth schemes. + .putDefaultIdentityProvider(LanguageTarget.BROWSER, w -> + w.write("async () => { throw new Error(\"`token` is missing\"); }")) + // Use `@aws-sdk/token-providers` as the default identity provider chain for Node.js + .putDefaultIdentityProvider(LanguageTarget.NODE, w -> { + w.addDependency(AwsDependency.TOKEN_PROVIDERS); + w.addImport("nodeProvider", null, AwsDependency.TOKEN_PROVIDERS); + w.write("nodeProvider"); + }) + .build(); + supportedHttpAuthSchemesIndex.putHttpAuthScheme(authScheme.getSchemeId(), authScheme); + } +} diff --git a/codegen/smithy-aws-typescript-codegen/src/main/resources/META-INF/services/software.amazon.smithy.typescript.codegen.integration.TypeScriptIntegration b/codegen/smithy-aws-typescript-codegen/src/main/resources/META-INF/services/software.amazon.smithy.typescript.codegen.integration.TypeScriptIntegration index 24768c502a551..5ab4b6c37bc02 100644 --- a/codegen/smithy-aws-typescript-codegen/src/main/resources/META-INF/services/software.amazon.smithy.typescript.codegen.integration.TypeScriptIntegration +++ b/codegen/smithy-aws-typescript-codegen/src/main/resources/META-INF/services/software.amazon.smithy.typescript.codegen.integration.TypeScriptIntegration @@ -24,4 +24,5 @@ software.amazon.smithy.aws.typescript.codegen.AddDocumentClientPlugin software.amazon.smithy.aws.typescript.codegen.AddEndpointDiscoveryPlugin software.amazon.smithy.aws.typescript.codegen.AddHttpChecksumDependency software.amazon.smithy.aws.typescript.codegen.AddEventBridgePlugin +software.amazon.smithy.aws.typescript.codegen.auth.http.integration.AwsCustomizeHttpBearerTokenAuthPlugin software.amazon.smithy.aws.typescript.codegen.auth.http.integration.AwsCustomizeSigv4AuthPlugin