smithy-lang · jdisanti · May 25, 2023 · May 19, 2023 · May 23, 2023 · May 23, 2023
@@ -23,12 +23,13 @@
 //! through a series of providers.
 
 use crate::profile::credentials::exec::named::NamedProviderFactory;
-use crate::profile::credentials::exec::{ClientConfiguration, ProviderChain};
+use crate::profile::credentials::exec::ProviderChain;
 use crate::profile::parser::ProfileFileLoadError;
 use crate::profile::profile_file::ProfileFiles;
 use crate::profile::Profile;
 use crate::provider_config::ProviderConfig;
 use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials};
+use aws_sdk_sts::config::Builder as StsConfigBuilder;
 use aws_smithy_types::error::display::DisplayErrorContext;
 use std::borrow::Cow;
 use std::collections::HashMap;
@@ -141,7 +142,7 @@ impl ProvideCredentials for ProfileFileCredentialsProvider {
 #[derive(Debug)]
 pub struct ProfileFileCredentialsProvider {
     factory: NamedProviderFactory,
-    client_config: ClientConfiguration,
+    sts_config: StsConfigBuilder,
     provider_config: ProviderConfig,
 }
 
@@ -181,7 +182,7 @@ impl ProfileFileCredentialsProvider {
         };
         for provider in inner_provider.chain().iter() {
             let next_creds = provider
-                .credentials(creds, &self.client_config)
+                .credentials(creds, &self.sts_config)
                 .instrument(tracing::debug_span!("load_assume_role", provider = ?provider))
                 .await;
             match next_creds {
@@ -440,14 +441,10 @@ impl Builder {
                 )
             });
         let factory = exec::named::NamedProviderFactory::new(named_providers);
-        let core_client = conf.sts_client();
 
         ProfileFileCredentialsProvider {
             factory,
-            client_config: ClientConfiguration {
-                sts_client: core_client,
-                region: conf.region(),
-            },
+            sts_config: conf.sts_client_config(),
             provider_config: conf,
         }
     }

@@ -8,15 +8,12 @@ use crate::credential_process::CredentialProcessProvider;
 use crate::profile::credentials::ProfileFileError;
 use crate::provider_config::ProviderConfig;
 #[cfg(feature = "credentials-sso")]
-use crate::sso::{SsoConfig, SsoCredentialsProvider};
+use crate::sso::{SsoCredentialsProvider, SsoProviderConfig};
 use crate::sts;
 use crate::web_identity_token::{StaticConfiguration, WebIdentityTokenCredentialsProvider};
 use aws_credential_types::provider::{self, error::CredentialsError, ProvideCredentials};
-use aws_sdk_sts::middleware::DefaultMiddleware;
-use aws_sdk_sts::operation::assume_role::AssumeRoleInput;
-use aws_sdk_sts::{config::Credentials, Config};
-use aws_smithy_client::erase::DynConnector;
-use aws_types::region::Region;
+use aws_sdk_sts::config::{Builder as StsConfigBuilder, Credentials};
+use aws_sdk_sts::Client as StsClient;
 use std::fmt::Debug;
 use std::sync::Arc;
 
@@ -27,39 +24,28 @@ pub(super) struct AssumeRoleProvider {
     session_name: Option<String>,
 }
 
-#[derive(Debug)]
-pub(super) struct ClientConfiguration {
-    pub(super) sts_client: aws_smithy_client::Client<DynConnector, DefaultMiddleware>,
-    pub(super) region: Option<Region>,
-}
-
 impl AssumeRoleProvider {
     pub(super) async fn credentials(
         &self,
         input_credentials: Credentials,
-        client_config: &ClientConfiguration,
+        sts_config: &StsConfigBuilder,
     ) -> provider::Result {
-        let config = Config::builder()
+        let config = sts_config
+            .clone()
             .credentials_provider(input_credentials)
-            .region(client_config.region.clone())
             .build();
+        let client = StsClient::from_conf(config);
         let session_name = &self
             .session_name
             .as_ref()
             .cloned()
             .unwrap_or_else(|| sts::util::default_session_name("assume-role-from-profile"));
-        let operation = AssumeRoleInput::builder()
+        let assume_role_creds = client
+            .assume_role()
             .role_arn(&self.role_arn)
             .set_external_id(self.external_id.clone())
             .role_session_name(session_name)
-            .build()
-            .expect("operation is valid")
-            .make_operation(&config)
-            .await
-            .expect("valid operation");
-        let assume_role_creds = client_config
-            .sts_client
-            .call(operation)
+            .send()
             .await
             .map_err(CredentialsError::provider_error)?
             .credentials;
@@ -127,7 +113,8 @@ impl ProviderChain {
             } => {
                 #[cfg(feature = "credentials-sso")]
                 {
-                    let sso_config = SsoConfig {
+                    use aws_types::region::Region;
+                    let sso_config = SsoProviderConfig {
                         account_id: sso_account_id.to_string(),
                         role_name: sso_role_name.to_string(),
                         start_url: sso_start_url.to_string(),

@@ -16,10 +16,8 @@ use crate::provider_config::ProviderConfig;
 
 use aws_credential_types::provider::{self, error::CredentialsError, future, ProvideCredentials};
 use aws_credential_types::Credentials;
-use aws_sdk_sso::middleware::DefaultMiddleware as SsoMiddleware;
-use aws_sdk_sso::operation::get_role_credentials::GetRoleCredentialsInput;
 use aws_sdk_sso::types::RoleCredentials;
-use aws_smithy_client::erase::DynConnector;
+use aws_sdk_sso::{config::Builder as SsoConfigBuilder, Client as SsoClient, Config as SsoConfig};
 use aws_smithy_json::deserialize::Token;
 use aws_smithy_types::date_time::Format;
 use aws_smithy_types::DateTime;
@@ -32,23 +30,11 @@ use std::fmt::{Display, Formatter};
 use std::io;
 use std::path::PathBuf;
 
+use crate::connector::expect_connector;
+use aws_smithy_types::retry::RetryConfig;
 use ring::digest;
 use zeroize::Zeroizing;
 
-impl crate::provider_config::ProviderConfig {
-    pub(crate) fn sso_client(
-        &self,
-    ) -> aws_smithy_client::Client<aws_smithy_client::erase::DynConnector, SsoMiddleware> {
-        use crate::connector::expect_connector;
-
-        let mut client_builder = aws_smithy_client::Client::builder()
-            .connector(expect_connector(self.connector(&Default::default())))
-            .middleware(SsoMiddleware::default());
-        client_builder.set_sleep_impl(self.sleep());
-        client_builder.build()
-    }
-}
-
 /// SSO Credentials Provider
 ///
 /// _Note: This provider is part of the default credentials chain and is integrated with the profile-file provider._
@@ -59,8 +45,8 @@ impl crate::provider_config::ProviderConfig {
 pub struct SsoCredentialsProvider {
     fs: Fs,
     env: Env,
-    sso_config: SsoConfig,
-    client: aws_smithy_client::Client<DynConnector, SsoMiddleware>,
+    sso_provider_config: SsoProviderConfig,
+    sso_config: SsoConfigBuilder,
 }
 
 impl SsoCredentialsProvider {
@@ -69,20 +55,36 @@ impl SsoCredentialsProvider {
         Builder::new()
     }
 
-    pub(crate) fn new(provider_config: &ProviderConfig, sso_config: SsoConfig) -> Self {
+    pub(crate) fn new(
+        provider_config: &ProviderConfig,
+        sso_provider_config: SsoProviderConfig,
+    ) -> Self {
         let fs = provider_config.fs();
         let env = provider_config.env();
 
+        let mut sso_config = SsoConfig::builder()
+            .http_connector(expect_connector(
+                provider_config.connector(&Default::default()),
+            ))
+            .retry_config(RetryConfig::standard());
+        sso_config.set_sleep_impl(provider_config.sleep());
+
         SsoCredentialsProvider {
             fs,
             env,
-            client: provider_config.sso_client(),
+            sso_provider_config,
             sso_config,
         }
     }
 
     async fn credentials(&self) -> provider::Result {
-        load_sso_credentials(&self.sso_config, &self.client, &self.env, &self.fs).await
+        load_sso_credentials(
+            &self.sso_provider_config,
+            &self.sso_config,
+            &self.env,
+            &self.fs,
+        )
+        .await
     }
 }
 
@@ -151,7 +153,7 @@ impl Builder {
     /// - [`region`](Self::region)
     pub fn build(self) -> SsoCredentialsProvider {
         let provider_config = self.provider_config.unwrap_or_default();
-        let sso_config = SsoConfig {
+        let sso_config = SsoProviderConfig {
             account_id: self.account_id.expect("account_id must be set"),
             role_name: self.role_name.expect("role_name must be set"),
             start_url: self.start_url.expect("start_url must be set"),
@@ -193,38 +195,34 @@ impl Error for LoadTokenError {
 }
 
 #[derive(Debug)]
-pub(crate) struct SsoConfig {
+pub(crate) struct SsoProviderConfig {
     pub(crate) account_id: String,
     pub(crate) role_name: String,
     pub(crate) start_url: String,
     pub(crate) region: Region,
 }
 
 async fn load_sso_credentials(
-    sso_config: &SsoConfig,
-    sso: &aws_smithy_client::Client<DynConnector, SsoMiddleware>,
+    sso_provider_config: &SsoProviderConfig,
+    sso_config: &SsoConfigBuilder,
     env: &Env,
     fs: &Fs,
 ) -> provider::Result {
-    let token = load_token(&sso_config.start_url, env, fs)
+    let token = load_token(&sso_provider_config.start_url, env, fs)
         .await
         .map_err(CredentialsError::provider_error)?;
-    let config = aws_sdk_sso::Config::builder()
-        .region(sso_config.region.clone())
+    let config = sso_config
+        .clone()
+        .region(sso_provider_config.region.clone())
         .build();
-    let operation = GetRoleCredentialsInput::builder()
-        .role_name(&sso_config.role_name)
+    // TODO(enableNewSmithyRuntime): Use `customize().config_override()` to set the region instead of creating a new client once middleware is removed
+    let client = SsoClient::from_conf(config);
+    let resp = client
+        .get_role_credentials()
+        .role_name(&sso_provider_config.role_name)
         .access_token(&*token.access_token)
-        .account_id(&sso_config.account_id)
-        .build()
-        .map_err(|err| {
-            CredentialsError::unhandled(format!("could not construct SSO token input: {}", err))
-        })?
-        .make_operation(&config)
-        .await
-        .map_err(CredentialsError::unhandled)?;
-    let resp = sso
-        .call(operation)
+        .account_id(&sso_provider_config.account_id)
+        .send()
         .await
         .map_err(CredentialsError::provider_error)?;
     let credentials: RoleCredentials = resp

@@ -5,23 +5,23 @@
 
 //! Credential provider augmentation through the AWS Security Token Service (STS).
 
-use crate::connector::expect_connector;
-use aws_sdk_sts::middleware::DefaultMiddleware;
-use aws_smithy_client::erase::DynConnector;
-use aws_smithy_client::Client;
-
 pub(crate) mod util;
 
 pub use assume_role::{AssumeRoleProvider, AssumeRoleProviderBuilder};
 
 mod assume_role;
 
+use crate::connector::expect_connector;
+use aws_sdk_sts::config::Builder as StsConfigBuilder;
+use aws_smithy_types::retry::RetryConfig;
+
 impl crate::provider_config::ProviderConfig {
-    pub(crate) fn sts_client(&self) -> Client<DynConnector, DefaultMiddleware> {
-        let mut builder = Client::builder()
-            .connector(expect_connector(self.connector(&Default::default())))
-            .middleware(DefaultMiddleware::default());
+    pub(crate) fn sts_client_config(&self) -> StsConfigBuilder {
+        let mut builder = aws_sdk_sts::Config::builder()
+            .http_connector(expect_connector(self.connector(&Default::default())))
+            .retry_config(RetryConfig::standard())
+            .region(self.region());
         builder.set_sleep_impl(self.sleep());
-        builder.build()
+        builder
     }
 }