feat(experimentalIdentityAndAuth): customize @httpBearerAuth identity providers for the AWS SDK #5169

Merged


syall
Contributor

@syall syall commented Sep 2, 2023

Issue

Issue number, if available, prefixed with "#"

N/A.

Description

What does this implement/fix? Explain your changes.

Register AwsCustomizeHttpBearerTokenAuthPlugin integration to
customize @httpBearerAuth to use:

  • Browser: a function that throws an error saying token is missing
  • Node.js: nodeProvider from @aws-sdk/token-providers

Dependent on: smithy-lang/smithy-typescript#907

Testing

How was this change tested?

Everything is gated behind experimentalIdentityAndAuth.

Complete generic codegen client diff: https://gist.github.com/syall/72886efc2450c04f73495351188ed61e#file-pr-5169-diff

The diffs for credentialDefaultProvider and region were removed under the experimental flag in #5065, and will be added back in later PRs.

Browser

The main diff is that for runtimeConfig.browser.ts (the Browser runtime config), the following httpAuthSchemes are generated with the error function as the identity provider for smithy.api#httpBearerAuth:

diff --color -Nur ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/control-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.browser.ts ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/client-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.browser.ts
--- ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/control-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.browser.ts	2023-09-05 15:27:52
+++ ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/client-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.browser.ts	2023-09-05 15:27:52
@@ -5,10 +5,16 @@
 import { Sha256 } from "@aws-crypto/sha256-browser";
 import { defaultUserAgent } from "@aws-sdk/util-user-agent-browser";
 import {
+  HttpApiKeyAuthSigner,
+  HttpBearerAuthSigner,
+  IdentityProviderConfig,
+  NoAuthSigner,
+  SigV4Signer,
+} from "@smithy/experimental-identity-and-auth";
+import {
   FetchHttpHandler as RequestHandler,
   streamCollector,
 } from "@smithy/fetch-http-handler";
-import { invalidProvider } from "@smithy/invalid-dependency";
 import { calculateBodyLength } from "@smithy/util-body-length-browser";
 import {
   DEFAULT_MAX_ATTEMPTS,
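Review bot: `IdentityProviderConfig` in the new import from `@smithy/experimental-identity-and-auth` appears in the lines shown only as a parameter type annotation (`(config: IdentityProviderConfig) =>`), so the codegen could emit it as a type-only import (`import type { IdentityProviderConfig } ...`) next to the value imports for the four signers. That keeps the browser runtime config's runtime imports limited to what is actually instantiated.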
@@ -32,10 +38,29 @@
     runtime: "browser",
     defaultsMode,
     bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
-    credentialDefaultProvider: config?.credentialDefaultProvider ?? ((_: unknown) => () => Promise.reject(new Error("Credential is missing"))),
     defaultUserAgentProvider: config?.defaultUserAgentProvider ?? defaultUserAgent({clientVersion: packageInfo.version}),
+    httpAuthSchemes: config?.httpAuthSchemes ?? [{
+          schemeId: "aws.auth#sigv4",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("aws.auth#sigv4"),
+          signer: new SigV4Signer(),
+        }, {
+          schemeId: "smithy.api#httpApiKeyAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#httpApiKeyAuth"),
+          signer: new HttpApiKeyAuthSigner(),
+        }, {
+          schemeId: "smithy.api#httpBearerAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#httpBearerAuth") || (async () => { throw new Error("`token` is missing"); }),
+          signer: new HttpBearerAuthSigner(),
+        }, {
+          schemeId: "smithy.api#noAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
+          signer: new NoAuthSigner(),
+        }],
     maxAttempts: config?.maxAttempts ?? DEFAULT_MAX_ATTEMPTS,
-    region: config?.region ?? invalidProvider("Region is missing"),
     requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider),
     retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE),
     sha256: config?.sha256 ?? Sha256,
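Review bot: The `aws.auth#sigv4` and `smithy.api#httpApiKeyAuth` entries return `config.getIdentityProvider(...)` with no fallback, while the same hunk deletes the `credentialDefaultProvider` default that rejected with "Credential is missing" and the `invalidProvider("Region is missing")` default for `region`. With these lines alone, an unconfigured browser client gets `undefined` from `identityProvider` for SigV4 instead of a named error; consider giving those schemes the same fail-closed fallback that `smithy.api#httpBearerAuth` gets here (a provider that throws), or a generated comment pointing at the follow-up work. Separately, the arrow parameter `config` shadows the outer `config` used in `config?.httpAuthSchemes`; a different parameter name would make the generated code easier to read.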

Node.js

The main diff is that for runtimeConfig.ts (the Node.js runtime config), the following httpAuthSchemes are generated with nodeProvider as the identity provider for smithy.api#httpBearerAuth:

diff --color -Nur ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/control-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.ts ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/client-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.ts
--- ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/control-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.ts	2023-09-05 15:27:52
+++ ./generic-client-test-codegen/build/smithyprojections/generic-client-test-codegen/client-experimental-identity-and-auth/typescript-codegen/src/runtimeConfig.ts	2023-09-05 15:27:52
@@ -2,13 +2,15 @@
 // @ts-ignore: package.json will be imported from dist folders
 import packageInfo from "../package.json"; // eslint-disable-line
 
-import { decorateDefaultCredentialProvider } from "@aws-sdk/client-sts";
-import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";
+import { nodeProvider } from "@aws-sdk/token-providers";
 import { defaultUserAgent } from "@aws-sdk/util-user-agent-node";
 import {
-  NODE_REGION_CONFIG_FILE_OPTIONS,
-  NODE_REGION_CONFIG_OPTIONS,
-} from "@smithy/config-resolver";
+  HttpApiKeyAuthSigner,
+  HttpBearerAuthSigner,
+  IdentityProviderConfig,
+  NoAuthSigner,
+  SigV4Signer,
+} from "@smithy/experimental-identity-and-auth";
 import { Hash } from "@smithy/hash-node";
 import {
   NODE_MAX_ATTEMPT_CONFIG_OPTIONS,
@@ -41,10 +43,29 @@
     runtime: "node",
     defaultsMode,
     bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
-    credentialDefaultProvider: config?.credentialDefaultProvider ?? decorateDefaultCredentialProvider(credentialDefaultProvider),
     defaultUserAgentProvider: config?.defaultUserAgentProvider ?? defaultUserAgent({clientVersion: packageInfo.version}),
+    httpAuthSchemes: config?.httpAuthSchemes ?? [{
+          schemeId: "aws.auth#sigv4",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("aws.auth#sigv4"),
+          signer: new SigV4Signer(),
+        }, {
+          schemeId: "smithy.api#httpApiKeyAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#httpApiKeyAuth"),
+          signer: new HttpApiKeyAuthSigner(),
+        }, {
+          schemeId: "smithy.api#httpBearerAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#httpBearerAuth") || (nodeProvider),
+          signer: new HttpBearerAuthSigner(),
+        }, {
+          schemeId: "smithy.api#noAuth",
+          identityProvider: (config: IdentityProviderConfig) =>
+            config.getIdentityProvider("smithy.api#noAuth") || (async () => ({})),
+          signer: new NoAuthSigner(),
+        }],
     maxAttempts: config?.maxAttempts ?? loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS),
-    region: config?.region ?? loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS),
     requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider),
     retryMode: config?.retryMode ?? loadNodeConfig({...NODE_RETRY_MODE_CONFIG_OPTIONS,default: async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE,}),
     sha256: config?.sha256 ?? Hash.bind(null, "sha256"),
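Review bot: In the `smithy.api#httpBearerAuth` entry, `|| (nodeProvider)` passes `nodeProvider` by reference (the parentheses are redundant), whereas the other fallbacks in this list are inline async functions that resolve or throw directly. The hunk does not show the signature of `nodeProvider`, so please confirm it is itself an identity provider and not a factory that must be called to obtain one; if it is a factory, the fallback should be the value it returns. A test that builds a client without a configured token provider and exercises this fallback would settle it.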

Additional context

Add any other context about the PR here.

N/A.


By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@syall syall force-pushed the customize-aws-httpBearerAuth-identity-provider branch 6 times, most recently from 1aceff2 to 1da7986 Compare September 5, 2023 22:24
@syall syall changed the title feat(experimentalIdentityAndAuth): customize @httpBearerAuth to use @aws-sdk/token-providers feat(experimentalIdentityAndAuth): customize @httpBearerAuth identity providers for the AWS SDK Sep 5, 2023
@syall syall force-pushed the customize-aws-httpBearerAuth-identity-provider branch 3 times, most recently from 8090f76 to 3dfd409 Compare September 8, 2023 21:08
@syall syall marked this pull request as ready for review September 8, 2023 21:09
@syall syall requested a review from a team as a code owner September 8, 2023 21:09
@kuhe
Contributor

kuhe commented Sep 8, 2023

the authSchemes codegen should be more compact:

e.g.

[
  {
     schemeId: "aws.auth#sigv4",
     defaultProvider: void 0,
     signer: new SigV4Signer()
  },
  {
    schemeId: "smithy.api#httpBearerAuth",
    defaultProvider: nodeProvider,
    signer: new HttpBearerAuthSigner()
  }
]

identityProvider is uniformly:

identityProvider: (config: IdentityProviderConfig) => 
  config.getIdentityProvider(this.schemeId) ?? this.defaultProvider

and could be created by a function

…ty providers for the AWS SDK

Register `AwsCustomizeHttpBearerTokenAuthPlugin` integration to
customize `@httpBearerAuth` to use:

- Browser: a function that throws an error saying `token` is
  missing
- Node.js: `nodeProvider` from `@aws-sdk/token-providers`
@syall syall force-pushed the customize-aws-httpBearerAuth-identity-provider branch from 3dfd409 to 46ec93a Compare September 8, 2023 21:56
@syall
Contributor Author

syall commented Sep 8, 2023

> the authSchemes codegen should be more compact:
>
> e.g.
>
> [
>   {
>      schemeId: "aws.auth#sigv4",
>      defaultProvider: void 0,
>      signer: new SigV4Signer()
>   },
>   {
>     schemeId: "smithy.api#httpBearerAuth",
>     defaultProvider: nodeProvider,
>     signer: new HttpBearerAuthSigner()
>   }
> ]
>
> identityProvider is uniformly:
>
> identityProvider: (config: IdentityProviderConfig) => 
>   config.getIdentityProvider(this.schemeId) ?? this.defaultProvider
>
> and could be created by a function

This is a good suggestion for reducing code size. I'll have to make changes in smithy-typescript to actually change the generated code.
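
The compact form discussed in the review above, as an added TypeScript example that is not code from this PR or from smithy-typescript: `expandSchemes`, `configFrom`, `resolveProvider` and the local types are hypothetical stand-ins for the shapes seen in the diffs, and signers are left out.

```typescript
// Local stand-ins for the @smithy/experimental-identity-and-auth shapes used in
// the diffs above (assumption: only the fields needed here; signers omitted).
type Identity = Record<string, unknown>;
type IdentityProvider = () => Promise<Identity>;
interface IdentityProviderConfig {
  getIdentityProvider(schemeId: string): IdentityProvider | undefined;
}
interface CompactScheme {
  schemeId: string;
  defaultProvider?: IdentityProvider;
}
interface HttpAuthScheme {
  schemeId: string;
  identityProvider: (config: IdentityProviderConfig) => IdentityProvider | undefined;
}

// Hypothetical helper: builds the uniform identityProvider closure per entry.
// schemeId and defaultProvider are captured from the compact entry.
function expandSchemes(compact: CompactScheme[]): HttpAuthScheme[] {
  return compact.map(({ schemeId, defaultProvider }) => ({
    schemeId,
    identityProvider: (config: IdentityProviderConfig) =>
      config.getIdentityProvider(schemeId) ?? defaultProvider,
  }));
}

// Browser defaults from the PR: bearer auth fails closed, noAuth resolves to {}.
const missingToken: IdentityProvider = async () => {
  throw new Error("`token` is missing");
};
const noAuth: IdentityProvider = async () => ({});

const browserSchemes = expandSchemes([
  { schemeId: "aws.auth#sigv4" },
  { schemeId: "smithy.api#httpApiKeyAuth" },
  { schemeId: "smithy.api#httpBearerAuth", defaultProvider: missingToken },
  { schemeId: "smithy.api#noAuth", defaultProvider: noAuth },
]);

// Hypothetical config backed by a plain map of caller-supplied providers.
function configFrom(providers: Record<string, IdentityProvider>): IdentityProviderConfig {
  return { getIdentityProvider: (id) => providers[id] };
}

// Returns the provider a request for `schemeId` would use, or undefined.
function resolveProvider(
  schemes: HttpAuthScheme[], config: IdentityProviderConfig, schemeId: string,
): IdentityProvider | undefined {
  return schemes.find((s) => s.schemeId === schemeId)?.identityProvider(config);
}
```

With an empty config, the bearer scheme resolves to the throwing default, so a missing token surfaces as a rejected promise when the provider is called, while `aws.auth#sigv4` resolves to `undefined` because it has no default.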

@syall syall merged commit 4e65c3e into aws:main Sep 8, 2023
@syall syall deleted the customize-aws-httpBearerAuth-identity-provider branch September 8, 2023 22:18
@github-actions

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023