Merge pull request #3164 from aws/cherry-pick-pr

Add IAM Token Generation Utility for AxdbFrontend

Author: davidh44

.changes/next-release/feature-AxdbFrontend-d6ce1e6.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AxdbFrontend",
+    "contributor": "APandher",
+    "description": "Add IAM Token Generation Utility for AxdbFrontend"
+}

services/axdbfrontend/pom.xml

@@ -41,6 +41,11 @@
         </plugins>
     </build>
     <dependencies>
+        <dependency>
+            <groupId>nl.jqno.equalsverifier</groupId>
+            <artifactId>equalsverifier</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>protocol-core</artifactId>

services/axdbfrontend/src/main/java/software/amazon/awssdk/services/axdbfrontend/AxdbFrontendUtilities.java

@@ -0,0 +1,121 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.services.axdbfrontend;
+
+import java.util.function.Consumer;
+import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
+import software.amazon.awssdk.identity.spi.IdentityProvider;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.axdbfrontend.internal.DefaultAxdbFrontendUtilities;
+import software.amazon.awssdk.services.axdbfrontend.model.GenerateAuthenticationTokenRequest;
+
+/**
+ * Utilities for working with AxdbFrontend. An instance of this class can be created by:
+ * <p>
+ * 1) Using the low-level client {@link AxdbFrontendClient#utilities()} (or {@link AxdbFrontendAsyncClient#utilities()}} method.
+ * This is recommended as SDK will use the same configuration from the {@link AxdbFrontendClient} object to create the
+ * {@link AxdbFrontendUtilities} object.
+ *
+ * @snippet :
+ * {@code
+ * AxdbFrontendClient AxdbFrontendClient = AxdbFrontendClient.create();
+ * AxdbFrontendUtilities utilities = AxdbFrontendClient.utilities();
+ * }
+ *
+ * <p>
+ * 2) Directly using the {@link #builder()} method.
+ *
+ * @snippet :
+ * {@code
+ * AxdbFrontendUtilities utilities = AxdbFrontendUtilities.builder()
+ *  .credentialsProvider(DefaultCredentialsProvider.create())
+ *  .region(Region.US_WEST_2)
+ *  .build()
+ * }
+ *
+ * Note: This class does not make network calls.
+ */
+@SdkPublicApi
+public interface AxdbFrontendUtilities {
+    /**
+     * Create a builder that can be used to configure and create a {@link AxdbFrontendUtilities}.
+     */
+    static Builder builder() {
+        return new DefaultAxdbFrontendUtilities.DefaultBuilder();
+    }
+
+    /**
+     * Generates an authentication token for IAM authentication to an AxdbFrontend database.
+     *
+     * @param request The request used to generate the authentication token
+     * @return String to use as the AxdbFrontend authentication token
+     * @throws IllegalArgumentException if the required parameters are not valid
+     */
+    default String generateAuthenticationToken(Consumer<GenerateAuthenticationTokenRequest.Builder> request) {
+        return generateAuthenticationToken(GenerateAuthenticationTokenRequest.builder().applyMutation(request).build());
+    }
+
+    /**
+     * Generates an authentication token for IAM authentication to an AxdbFrontend database.
+     *
+     * @param request The request used to generate the authentication token
+     * @return String to use as the AxdbFrontend authentication token
+     * @throws IllegalArgumentException if the required parameters are not valid
+     */
+    default String generateAuthenticationToken(GenerateAuthenticationTokenRequest request) {
+        throw new UnsupportedOperationException();
+    }
+
+    /**
+     * Builder for creating an instance of {@link AxdbFrontendUtilities}. It can be configured using
+     * {@link AxdbFrontendUtilities#builder()}.
+     * Once configured, the {@link AxdbFrontendUtilities} can created using {@link #build()}.
+     */
+    @SdkPublicApi
+    interface Builder {
+        /**
+         * The default region to use when working with the methods in {@link AxdbFrontendUtilities} class.
+         *
+         * @return This object for method chaining
+         */
+        Builder region(Region region);
+
+        /**
+         * The default credentials provider to use when working with the methods in {@link AxdbFrontendUtilities} class.
+         *
+         * @return This object for method chaining
+         */
+        default Builder credentialsProvider(AwsCredentialsProvider credentialsProvider) {
+            return credentialsProvider((IdentityProvider<? extends AwsCredentialsIdentity>) credentialsProvider);
+        }
+
+        /**
+         * The default credentials provider to use when working with the methods in {@link AxdbFrontendUtilities} class.
+         *
+         * @return This object for method chaining
+         */
+        default Builder credentialsProvider(IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider) {
+            throw new UnsupportedOperationException();
+        }
+
+        /**
+         * Create a {@link AxdbFrontendUtilities}
+         */
+        AxdbFrontendUtilities build();
+    }
+}

services/axdbfrontend/src/main/java/software/amazon/awssdk/services/axdbfrontend/internal/DefaultAxdbFrontendUtilities.java

@@ -0,0 +1,159 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.services.axdbfrontend.internal;
+
+import java.time.Clock;
+import java.time.Instant;
+import software.amazon.awssdk.annotations.Immutable;
+import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.CredentialUtils;
+import software.amazon.awssdk.auth.signer.Aws4Signer;
+import software.amazon.awssdk.auth.signer.params.Aws4PresignerParams;
+import software.amazon.awssdk.awscore.client.config.AwsClientOption;
+import software.amazon.awssdk.core.client.config.SdkClientConfiguration;
+import software.amazon.awssdk.http.SdkHttpFullRequest;
+import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
+import software.amazon.awssdk.identity.spi.IdentityProvider;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.axdbfrontend.AxdbFrontendUtilities;
+import software.amazon.awssdk.services.axdbfrontend.model.GenerateAuthenticationTokenRequest;
+import software.amazon.awssdk.utils.CompletableFutureUtils;
+import software.amazon.awssdk.utils.Logger;
+import software.amazon.awssdk.utils.StringUtils;
+
+@Immutable
+@SdkInternalApi
+public final class DefaultAxdbFrontendUtilities implements AxdbFrontendUtilities {
+    private static final Logger log = Logger.loggerFor(AxdbFrontendUtilities.class);
+    private final Aws4Signer signer = Aws4Signer.create();
+    private final Region region;
+    private final IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider;
+    private final Clock clock;
+
+    public DefaultAxdbFrontendUtilities(DefaultBuilder builder) {
+        this(builder, Clock.systemUTC());
+    }
+
+    /**
+     * For testing purposes only
+     */
+    public DefaultAxdbFrontendUtilities(DefaultBuilder builder, Clock clock) {
+        this.credentialsProvider = builder.credentialsProvider;
+        this.region = builder.region;
+        this.clock = clock;
+    }
+
+    /**
+     * Used by AxdbFrontend low-level client's utilities() method
+     */
+    @SdkInternalApi
+    static AxdbFrontendUtilities create(SdkClientConfiguration clientConfiguration) {
+        return new DefaultBuilder().clientConfiguration(clientConfiguration).build();
+    }
+
+    @Override
+    public String generateAuthenticationToken(GenerateAuthenticationTokenRequest request) {
+        SdkHttpFullRequest httpRequest = SdkHttpFullRequest.builder()
+                                                           .method(SdkHttpMethod.GET)
+                                                           .protocol("https")
+                                                           .host(request.hostname())
+                                                           .encodedPath("/")
+                                                           .putRawQueryParameter("Action", request.action().getAction())
+                                                           .build();
+
+        Instant expirationTime = Instant.now(clock).plus(request.expiresIn());
+
+        Aws4PresignerParams presignRequest = Aws4PresignerParams.builder()
+                                                                .signingClockOverride(clock)
+                                                                .expirationTime(expirationTime)
+                                                                .awsCredentials(resolveCredentials(request))
+                                                                .signingName("xanadu")
+                                                                .signingRegion(resolveRegion(request))
+                                                                .build();
+
+        SdkHttpFullRequest fullRequest = signer.presign(httpRequest, presignRequest);
+        String signedUrl = fullRequest.getUri().toString();
+
+        String result = StringUtils.replacePrefixIgnoreCase(signedUrl, "https://", "");
+        return result;
+    }
+
+    private Region resolveRegion(GenerateAuthenticationTokenRequest request) {
+        if (request.region() != null) {
+            return request.region();
+        }
+
+        if (this.region != null) {
+            return this.region;
+        }
+
+        throw new IllegalArgumentException("Region should be provided either in GenerateAuthenticationTokenRequest object " +
+                                           "or AxdbFrontendUtilities object");
+    }
+
+    // TODO: update this to use AwsCredentialsIdentity when we migrate Signers to accept the new type.
+    private AwsCredentials resolveCredentials(GenerateAuthenticationTokenRequest request) {
+        if (request.credentialsIdentityProvider() != null) {
+            return CredentialUtils.toCredentials(
+                CompletableFutureUtils.joinLikeSync(request.credentialsIdentityProvider().resolveIdentity()));
+        }
+
+        if (this.credentialsProvider != null) {
+            return CredentialUtils.toCredentials(CompletableFutureUtils.joinLikeSync(this.credentialsProvider.resolveIdentity()));
+        }
+
+        throw new IllegalArgumentException("CredentialProvider should be provided either in GenerateAuthenticationTokenRequest " +
+                                           "object or AxdbFrontendUtilities object");
+    }
+
+    @SdkInternalApi
+    public static final class DefaultBuilder implements Builder {
+        private Region region;
+        private IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider;
+
+        public DefaultBuilder() {
+        }
+
+        Builder clientConfiguration(SdkClientConfiguration clientConfiguration) {
+            this.credentialsProvider = clientConfiguration.option(AwsClientOption.CREDENTIALS_IDENTITY_PROVIDER);
+            this.region = clientConfiguration.option(AwsClientOption.AWS_REGION);
+
+            return this;
+        }
+
+        @Override
+        public Builder region(Region region) {
+            this.region = region;
+            return this;
+        }
+
+        @Override
+        public Builder credentialsProvider(IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider) {
+            this.credentialsProvider = credentialsProvider;
+            return this;
+        }
+
+        /**
+         * Construct a {@link AxdbFrontendUtilities} object.
+         */
+        @Override
+        public AxdbFrontendUtilities build() {
+            return new DefaultAxdbFrontendUtilities(this);
+        }
+    }
+}

services/axdbfrontend/src/main/java/software/amazon/awssdk/services/axdbfrontend/model/Action.java

@@ -0,0 +1,53 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.services.axdbfrontend.model;
+
+import java.io.Serializable;
+import software.amazon.awssdk.annotations.SdkPublicApi;
+
+/**
+ * Enumerations of possible actions that can be performed on an AxdbFrontend database.
+ */
+@SdkPublicApi
+public enum Action implements Serializable {
+    /**
+     * The action of connecting to an AxdbFrontend database using DbConnect
+     */
+    DB_CONNECT("DbConnect"),
+    /**
+     * The action of connecting to an AxdbFrontend database using DbConnectSuperuser
+     */
+    DB_CONNECT_SUPERUSER("DbConnectSuperuser");
+
+    private final String action;
+
+    Action(String action) {
+        this.action = action;
+    }
+
+    public String getAction() {
+        return action;
+    }
+
+    public static Action fromValue(String value) {
+        for (Action action : Action.values()) {
+            if (value.equalsIgnoreCase(action.name())) {
+                return action;
+            }
+        }
+        throw new IllegalArgumentException("Invalid action: " + value);
+    }
+}