Merge branch 'feature/master/sra-identity-auth' into haydenbaker/sra-ia-signer-interfaces

Author: haydenbaker

core/http-auth-spi/pom.xml

@@ -54,6 +54,11 @@
             <artifactId>reactive-streams</artifactId>
             <version>${reactive-streams.version}</version>
         </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>identity-spi</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
 
         <dependency>
             <groupId>org.junit.jupiter</groupId>
@@ -65,6 +70,11 @@
             <artifactId>equalsverifier</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>

core/http-auth-spi/src/main/java/software/amazon/awssdk/http/auth/spi/AsyncHttpSignRequest.java

@@ -0,0 +1,50 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http.auth.spi;
+
+import java.nio.ByteBuffer;
+import org.reactivestreams.Publisher;
+import software.amazon.awssdk.annotations.Immutable;
+import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.annotations.ThreadSafe;
+import software.amazon.awssdk.http.auth.spi.internal.DefaultAsyncHttpSignRequest;
+import software.amazon.awssdk.identity.spi.Identity;
+import software.amazon.awssdk.utils.builder.SdkBuilder;
+
+/**
+ * Input parameters to sign a request with async payload, using {@link HttpSigner}.
+ *
+ * @param <IdentityT> The type of the identity.
+ */
+@SdkPublicApi
+@Immutable
+@ThreadSafe
+public interface AsyncHttpSignRequest<IdentityT extends Identity> extends HttpSignRequest<Publisher<ByteBuffer>, IdentityT> {
+    /**
+     * Get a new builder for creating a {@link AsyncHttpSignRequest}.
+     */
+    static <IdentityT extends Identity> Builder<IdentityT> builder(IdentityT identity) {
+        return new DefaultAsyncHttpSignRequest.BuilderImpl<>(identity);
+    }
+
+    /**
+     * A builder for a {@link AsyncHttpSignRequest}.
+     */
+    interface Builder<IdentityT extends Identity>
+        extends HttpSignRequest.Builder<Builder<IdentityT>, Publisher<ByteBuffer>, IdentityT>,
+                SdkBuilder<Builder<IdentityT>, AsyncHttpSignRequest<IdentityT>> {
+    }
+}

core/http-auth-spi/src/main/java/software/amazon/awssdk/http/auth/spi/AsyncSignedHttpRequest.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http.auth.spi;
+
+import java.nio.ByteBuffer;
+import org.reactivestreams.Publisher;
+import software.amazon.awssdk.annotations.Immutable;
+import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.annotations.ThreadSafe;
+import software.amazon.awssdk.http.auth.spi.internal.DefaultAsyncSignedHttpRequest;
+import software.amazon.awssdk.utils.builder.SdkBuilder;
+
+/**
+ * Represents a request with async payload that has been signed by {@link HttpSigner}.
+ */
+@SdkPublicApi
+@Immutable
+@ThreadSafe
+public interface AsyncSignedHttpRequest extends SignedHttpRequest<Publisher<ByteBuffer>> {
+
+    /**
+     * Get a new builder for creating a {@link AsyncSignedHttpRequest}.
+     */
+    static Builder builder() {
+        return new DefaultAsyncSignedHttpRequest.BuilderImpl();
+    }
+
+    /**
+     * A builder for a {@link AsyncSignedHttpRequest}.
+     */
+    interface Builder extends SignedHttpRequest.Builder<Builder, Publisher<ByteBuffer>>,
+                              SdkBuilder<Builder, AsyncSignedHttpRequest> {
+    }
+}

core/http-auth-spi/src/main/java/software/amazon/awssdk/http/auth/spi/HttpAuthOption.java

@@ -0,0 +1,90 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http.auth.spi;
+
+import software.amazon.awssdk.annotations.SdkProtectedApi;
+import software.amazon.awssdk.http.auth.spi.internal.DefaultHttpAuthOption;
+import software.amazon.awssdk.identity.spi.IdentityProperty;
+import software.amazon.awssdk.utils.builder.SdkBuilder;
+
+/**
+ * An authentication scheme option, composed of the scheme ID and properties for use when resolving the identity and signing
+ * the request.
+ * <p>
+ * This is used in the output from the auth scheme resolver. The resolver returns a list of these, in the order the auth scheme
+ * resolver wishes to use them.
+ *
+ * @see HttpAuthScheme
+ */
+@SdkProtectedApi
+public interface HttpAuthOption {
+
+    /**
+     * Get a new builder for creating a {@link HttpAuthOption}.
+     */
+    static Builder builder() {
+        return new DefaultHttpAuthOption.BuilderImpl();
+    }
+
+    /**
+     * Retrieve the scheme ID, a unique identifier for the authentication scheme (aws.auth#sigv4, smithy.api#httpBearerAuth).
+     */
+    String schemeId();
+
+    /**
+     * Retrieve the value of an {@link IdentityProperty}.
+     */
+    <T> T identityProperty(IdentityProperty<T> property);
+
+    /**
+     * Retrieve the value of an {@link SignerProperty}.
+     */
+    <T> T signerProperty(SignerProperty<T> property);
+
+    /**
+     * A method to operate on all {@link IdentityProperty} values of this HttpAuthOption.
+     */
+    <T> void forEachIdentityProperty(IdentityPropertyConsumer consumer);
+
+    /**
+     * A method to operate on all {@link SignerProperty} values of this HttpAuthOption.
+     */
+    <T> void forEachSignerProperty(SignerPropertyConsumer consumer);
+
+    /**
+     * Interface for operating on an {@link IdentityProperty} value.
+     */
+    @FunctionalInterface
+    interface IdentityPropertyConsumer {
+        <T> void accept(IdentityProperty<T> propertyKey, T propertyValue);
+    }
+
+    /**
+     * Interface for operating on an {@link SignerProperty} value.
+     */
+    @FunctionalInterface
+    interface SignerPropertyConsumer {
+        <T> void accept(SignerProperty<T> propertyKey, T propertyValue);
+    }
+
+    interface Builder extends SdkBuilder<Builder, HttpAuthOption> {
+        Builder schemeId(String schemeId);
+
+        <T> Builder putIdentityProperty(IdentityProperty<T> key, T value);
+
+        <T> Builder putSignerProperty(SignerProperty<T> key, T value);
+    }
+}

core/http-auth-spi/src/main/java/software/amazon/awssdk/http/auth/spi/HttpAuthScheme.java

@@ -0,0 +1,62 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.http.auth.spi;
+
+import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
+import software.amazon.awssdk.identity.spi.Identity;
+import software.amazon.awssdk.identity.spi.IdentityProvider;
+import software.amazon.awssdk.identity.spi.TokenIdentity;
+
+/**
+ * An authentication scheme, composed of:
+ * <ol>
+ *     <li>A scheme ID - A unique identifier for the authentication scheme.</li>
+ *     <li>An identity provider - An API that can be queried to acquire the customer's identity.</li>
+ *     <li>A signer - An API that can be used to sign HTTP requests.</li>
+ * </ol>
+ *
+ * @see IdentityProvider
+ * @see HttpSigner
+ *
+ * @param <T> The type of the {@link Identity} used by this authentication scheme.
+ */
+@SdkPublicApi
+public interface HttpAuthScheme<T extends Identity> {
+
+    /**
+     * Retrieve the scheme ID, a unique identifier for the authentication scheme (aws.auth#sigv4, smithy.api#httpBearerAuth).
+     */
+    String schemeId();
+
+    /**
+     * Retrieve the identity provider associated with this authentication scheme. The identity generated by this provider is
+     * guaranteed to be supported by the signer in this authentication scheme.
+     * <p>
+     * For example, if the scheme ID is aws.auth#sigv4, the provider returns an {@link AwsCredentialsIdentity}, if the scheme
+     * ID is httpBearerAuth, the provider returns a {@link TokenIdentity}.
+     * <p>
+     * Note, the returned identity provider may differ from the type of identity provider retrieved from the provided identity
+     * provider configuration.
+     */
+    IdentityProvider<T> identityProvider(IdentityProviderConfiguration providers);
+
+    /**
+     * Retrieve the signer associated with this authentication scheme. This signer is guaranteed to support the identity
+     * generated by the identity provider in this authentication scheme.
+     */
+    HttpSigner<T> signer();
+}

core/http-auth-spi/src/main/java/software/amazon/awssdk/http/auth/spi/HttpSignRequest.java

@@ -20,30 +20,18 @@
 import software.amazon.awssdk.annotations.SdkPublicApi;
 import software.amazon.awssdk.annotations.ThreadSafe;
 import software.amazon.awssdk.http.SdkHttpRequest;
-import software.amazon.awssdk.http.auth.spi.internal.DefaultHttpSignRequest;
-import software.amazon.awssdk.utils.builder.SdkBuilder;
+import software.amazon.awssdk.identity.spi.Identity;
 
 /**
- * Represents a request to be signed by {@link HttpSigner}.
+ * Input parameters to sign a request using {@link HttpSigner}.
  *
- * @param <PayloadT> The type of payload of this request.
+ * @param <PayloadT> The type of payload of the request.
+ * @param <IdentityT> The type of the identity.
  */
 @SdkPublicApi
 @Immutable
 @ThreadSafe
-public interface HttpSignRequest<PayloadT> {
-
-    /**
-     * Get a new builder for creating a {@link HttpSignRequest}.
-     */
-    static <PayloadT> Builder<PayloadT> builder(Class<PayloadT> payloadType) {
-        return new DefaultHttpSignRequest.BuilderImpl<>(payloadType);
-    }
-
-    /**
-     * Returns the type of the payload.
-     */
-    Class<PayloadT> payloadType();
+public interface HttpSignRequest<PayloadT, IdentityT extends Identity> {
 
     /**
      * Returns the HTTP request object, without the request body payload.
@@ -56,29 +44,38 @@ static <PayloadT> Builder<PayloadT> builder(Class<PayloadT> payloadType) {
     Optional<PayloadT> payload();
 
     /**
-     * Returns the property that the {@link HttpSigner} can use during signing.
+     * Returns the identity.
+     */
+    IdentityT identity();
+
+    /**
+     * Returns the value of a property that the {@link HttpSigner} can use during signing.
      */
     <T> T property(SignerProperty<T> property);
 
     /**
      * A builder for a {@link HttpSignRequest}.
      */
-    interface Builder<PayloadT> extends SdkBuilder<Builder<PayloadT>,
-            HttpSignRequest<PayloadT>> {
+    interface Builder<B extends Builder<B, PayloadT, IdentityT>, PayloadT, IdentityT extends Identity> {
 
         /**
          * Set the HTTP request object, without the request body payload.
          */
-        Builder<PayloadT> request(SdkHttpRequest request);
+        B request(SdkHttpRequest request);
 
         /**
          * Set the body payload of the request. A payload is optional. By default, the payload will be empty.
          */
-        Builder<PayloadT> payload(PayloadT payload);
+        B payload(PayloadT payload);
+
+        /**
+         * Set the identity of the request.
+         */
+        B identity(IdentityT identity);
 
         /**
          * Set a property that the {@link HttpSigner} can use during signing.
          */
-        <T> Builder<PayloadT> putProperty(SignerProperty<T> key, T value);
+        <T> B putProperty(SignerProperty<T> key, T value);
     }
 }