Add IAM Token Generation Utility for AxdbFrontend

Author: pandhera

docs/LaunchChangelog.md

@@ -453,6 +453,10 @@ The S3 client in 2.0 is drastically different from the client in 1.11, because i
 
 1. The class`RdsIamAuthTokenGenerator` has been replaced with `RdsUtilities#generateAuthenticationToken`.
 
+## 4.5. Axdbfrontend Changes
+
+1. The class `AxdbfrontendUtilities#generateAuthenticationToken` can now be used to generate an Authentication token to connect to a Xanadu database.
+
 # 5. Profile File Changes
 
 The parsing of the `~/.aws/config` and `~/.aws/credentials` has changed to more closely emulate that used by the AWS CLI.

services/axdbfrontend/src/main/java/software/amazon/awssdk/services/axdbfrontend/AxdbFrontendUtilities.java

@@ -0,0 +1,122 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.services.axdbfrontend;
+
+import java.util.function.Consumer;
+import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
+import software.amazon.awssdk.identity.spi.IdentityProvider;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.axdbfrontend.model.GenerateAuthenticationTokenRequest;
+
+/**
+ * Utilities for working with AxdbFrontend. An instance of this class can be created by:
+ * <p>
+ * 1) Using the low-level client {@link AxdbFrontendClient#utilities()} (or {@link AxdbFrontendAsyncClient#utilities()}} method.
+ * This is
+ * recommended as SDK will use the same configuration from the {@link AxdbFrontendClient} object to create the
+ * {@link AxdbFrontendUtilities}
+ * object.
+ *
+ * <pre>
+ * AxdbFrontendClient AxdbFrontendClient = AxdbFrontendClient.create();
+ * AxdbFrontendUtilities utilities = AxdbFrontendClient.utilities();
+ * </pre>
+ * </p>
+ *
+ * <p>
+ * 2) Directly using the {@link #builder()} method.
+ *
+ * <pre>
+ * AxdbFrontendUtilities utilities = AxdbFrontendUtilities.builder()
+ *  .credentialsProvider(DefaultCredentialsProvider.create())
+ *  .region(Region.US_WEST_2)
+ *  .build()
+ * </pre>
+ * </p>
+ *
+ * Note: This class does not make network calls.
+ */
+@SdkPublicApi
+public interface AxdbFrontendUtilities {
+    /**
+     * Create a builder that can be used to configure and create a {@link AxdbFrontendUtilities}.
+     */
+    static Builder builder() {
+        return new DefaultAxdbFrontendUtilities.DefaultBuilder();
+    }
+
+    /**
+     * Generates an authentication token for IAM authentication to a Xanadu database.
+     *
+     * @param request The request used to generate the authentication token
+     * @return String to use as the AxdbFrontend authentication token
+     * @throws IllegalArgumentException if the required parameters are not valid
+     */
+    default String generateAuthenticationToken(Consumer<GenerateAuthenticationTokenRequest.Builder> request) {
+        return generateAuthenticationToken(GenerateAuthenticationTokenRequest.builder().applyMutation(request).build());
+    }
+
+    /**
+     * Generates an authentication token for IAM authentication to an Xanadu database.
+     *
+     * @param request The request used to generate the authentication token
+     * @return String to use as the AxdbFrontend authentication token
+     * @throws IllegalArgumentException if the required parameters are not valid
+     */
+    default String generateAuthenticationToken(GenerateAuthenticationTokenRequest request) {
+        throw new UnsupportedOperationException();
+    }
+
+    /**
+     * Builder for creating an instance of {@link AxdbFrontendUtilities}. It can be configured using
+     * {@link AxdbFrontendUtilities#builder()}.
+     * Once configured, the {@link AxdbFrontendUtilities} can created using {@link #build()}.
+     */
+    @SdkPublicApi
+    interface Builder {
+        /**
+         * The default region to use when working with the methods in {@link AxdbFrontendUtilities} class.
+         *
+         * @return This object for method chaining
+         */
+        Builder region(Region region);
+
+        /**
+         * The default credentials provider to use when working with the methods in {@link AxdbFrontendUtilities} class.
+         *
+         * @return This object for method chaining
+         */
+        default Builder credentialsProvider(AwsCredentialsProvider credentialsProvider) {
+            return credentialsProvider((IdentityProvider<? extends AwsCredentialsIdentity>) credentialsProvider);
+        }
+
+        /**
+         * The default credentials provider to use when working with the methods in {@link AxdbFrontendUtilities} class.
+         *
+         * @return This object for method chaining
+         */
+        default Builder credentialsProvider(IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider) {
+            throw new UnsupportedOperationException();
+        }
+
+        /**
+         * Create a {@link AxdbFrontendUtilities}
+         */
+        AxdbFrontendUtilities build();
+    }
+}

services/axdbfrontend/src/main/java/software/amazon/awssdk/services/axdbfrontend/DefaultAxdbFrontendUtilities.java

@@ -0,0 +1,157 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.services.axdbfrontend;
+
+import java.time.Clock;
+import java.time.Instant;
+import software.amazon.awssdk.annotations.Immutable;
+import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.CredentialUtils;
+import software.amazon.awssdk.auth.signer.Aws4Signer;
+import software.amazon.awssdk.auth.signer.params.Aws4PresignerParams;
+import software.amazon.awssdk.awscore.client.config.AwsClientOption;
+import software.amazon.awssdk.core.client.config.SdkClientConfiguration;
+import software.amazon.awssdk.http.SdkHttpFullRequest;
+import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
+import software.amazon.awssdk.identity.spi.IdentityProvider;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.axdbfrontend.model.GenerateAuthenticationTokenRequest;
+import software.amazon.awssdk.utils.CompletableFutureUtils;
+import software.amazon.awssdk.utils.Logger;
+import software.amazon.awssdk.utils.StringUtils;
+
+@Immutable
+@SdkInternalApi
+final class DefaultAxdbFrontendUtilities implements AxdbFrontendUtilities {
+    private static final Logger log = Logger.loggerFor(AxdbFrontendUtilities.class);
+    private final Aws4Signer signer = Aws4Signer.create();
+    private final Region region;
+    private final IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider;
+    private final Clock clock;
+
+    DefaultAxdbFrontendUtilities(DefaultBuilder builder) {
+        this(builder, Clock.systemUTC());
+    }
+
+    /**
+     * For testing purposes only
+     */
+    DefaultAxdbFrontendUtilities(DefaultBuilder builder, Clock clock) {
+        this.credentialsProvider = builder.credentialsProvider;
+        this.region = builder.region;
+        this.clock = clock;
+    }
+
+    /**
+     * Used by AxdbFrontend low-level client's utilities() method
+     */
+    @SdkInternalApi
+    static AxdbFrontendUtilities create(SdkClientConfiguration clientConfiguration) {
+        return new DefaultBuilder().clientConfiguration(clientConfiguration).build();
+    }
+
+    @Override
+    public String generateAuthenticationToken(GenerateAuthenticationTokenRequest request) {
+        SdkHttpFullRequest httpRequest = SdkHttpFullRequest.builder()
+                                                           .method(SdkHttpMethod.GET)
+                                                           .protocol("https")
+                                                           .host(request.hostname())
+                                                           .encodedPath("/")
+                                                           .putRawQueryParameter("Action", request.action().name())
+                                                           .build();
+
+        Instant expirationTime = Instant.now(clock).plus(request.expiresIn());
+
+        Aws4PresignerParams presignRequest = Aws4PresignerParams.builder()
+                                                                .signingClockOverride(clock)
+                                                                .expirationTime(expirationTime)
+                                                                .awsCredentials(resolveCredentials(request))
+                                                                .signingName("xanadu")
+                                                                .signingRegion(resolveRegion(request))
+                                                                .build();
+
+        SdkHttpFullRequest fullRequest = signer.presign(httpRequest, presignRequest);
+        String signedUrl = fullRequest.getUri().toString();
+
+        String result = StringUtils.replacePrefixIgnoreCase(signedUrl, "https://", "");
+        return result;
+    }
+
+    private Region resolveRegion(GenerateAuthenticationTokenRequest request) {
+        if (request.region() != null) {
+            return request.region();
+        }
+
+        if (this.region != null) {
+            return this.region;
+        }
+
+        throw new IllegalArgumentException("Region should be provided either in GenerateAuthenticationTokenRequest object " +
+                                           "or AxdbFrontendUtilities object");
+    }
+
+    private AwsCredentials resolveCredentials(GenerateAuthenticationTokenRequest request) {
+        if (request.credentialsIdentityProvider() != null) {
+            return CredentialUtils.toCredentials(
+                CompletableFutureUtils.joinLikeSync(request.credentialsIdentityProvider().resolveIdentity()));
+        }
+
+        if (this.credentialsProvider != null) {
+            return CredentialUtils.toCredentials(CompletableFutureUtils.joinLikeSync(this.credentialsProvider.resolveIdentity()));
+        }
+
+        throw new IllegalArgumentException("CredentialProvider should be provided either in GenerateAuthenticationTokenRequest " +
+                                           "object or AxdbFrontendUtilities object");
+    }
+
+    @SdkInternalApi
+    static final class DefaultBuilder implements Builder {
+        private Region region;
+        private IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider;
+
+        DefaultBuilder() {
+        }
+
+        Builder clientConfiguration(SdkClientConfiguration clientConfiguration) {
+            this.credentialsProvider = clientConfiguration.option(AwsClientOption.CREDENTIALS_IDENTITY_PROVIDER);
+            this.region = clientConfiguration.option(AwsClientOption.AWS_REGION);
+
+            return this;
+        }
+
+        @Override
+        public Builder region(Region region) {
+            this.region = region;
+            return this;
+        }
+
+        @Override
+        public Builder credentialsProvider(IdentityProvider<? extends AwsCredentialsIdentity> credentialsProvider) {
+            this.credentialsProvider = credentialsProvider;
+            return this;
+        }
+
+        /**
+         * Construct a {@link AxdbFrontendUtilities} object.
+         */
+        @Override
+        public AxdbFrontendUtilities build() {
+            return new DefaultAxdbFrontendUtilities(this);
+        }
+    }
+}

services/axdbfrontend/src/main/java/software/amazon/awssdk/services/axdbfrontend/model/Action.java

@@ -0,0 +1,36 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.services.axdbfrontend.model;
+
+import java.io.Serializable;
+
+/**
+ * Enumerations of possible actions that can be performed on a Xanadu database.
+ */
+public enum Action implements Serializable {
+    DbConnect,
+    DbConnectSuperuser;
+
+    public static Action variant(String value) {
+        if (value.equalsIgnoreCase(Action.DbConnect.name())) {
+            return Action.DbConnect;
+        } else if (value.equalsIgnoreCase(Action.DbConnectSuperuser.name())) {
+            return Action.DbConnectSuperuser;
+        } else {
+            throw new IllegalArgumentException("Invalid action: " + value);
+        }
+    }
+}