Integrate with CRT S3 express support

Author: zoewangg

pom.xml

@@ -116,7 +116,7 @@
         <rxjava.version>2.2.21</rxjava.version>
         <commons-codec.verion>1.15</commons-codec.verion>
         <jmh.version>1.29</jmh.version>
-        <awscrt.version>0.28.0</awscrt.version>
+        <awscrt.version>0.28.10</awscrt.version>
 
         <!--Test dependencies -->
         <junit5.version>5.10.0</junit5.version>

services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/crt/CrtS3ExpressNoOpAuthScheme.java

@@ -0,0 +1,78 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.services.s3.internal.crt;
+
+import java.util.concurrent.CompletableFuture;
+import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.http.auth.spi.signer.AsyncSignRequest;
+import software.amazon.awssdk.http.auth.spi.signer.AsyncSignedRequest;
+import software.amazon.awssdk.http.auth.spi.signer.HttpSigner;
+import software.amazon.awssdk.http.auth.spi.signer.SignRequest;
+import software.amazon.awssdk.http.auth.spi.signer.SignedRequest;
+import software.amazon.awssdk.identity.spi.IdentityProvider;
+import software.amazon.awssdk.identity.spi.IdentityProviders;
+import software.amazon.awssdk.identity.spi.ResolveIdentityRequest;
+import software.amazon.awssdk.services.s3.s3express.S3ExpressAuthScheme;
+import software.amazon.awssdk.services.s3.s3express.S3ExpressSessionCredentials;
+
+/**
+ * An implementation of {@link S3ExpressAuthScheme} that returns a noop {@link IdentityProvider}.
+ */
+@SdkInternalApi
+public final class CrtS3ExpressNoOpAuthScheme implements S3ExpressAuthScheme {
+    @Override
+    public String schemeId() {
+        return S3ExpressAuthScheme.SCHEME_ID;
+    }
+
+    @Override
+    public IdentityProvider<S3ExpressSessionCredentials> identityProvider(IdentityProviders providers) {
+        return NoOpIdentityProvider.INSTANCE;
+    }
+
+    @Override
+    public HttpSigner<S3ExpressSessionCredentials> signer() {
+        return NoOpSigner.INSTANCE;
+    }
+
+    private static final class NoOpIdentityProvider implements IdentityProvider<S3ExpressSessionCredentials> {
+        private static final NoOpIdentityProvider INSTANCE = new NoOpIdentityProvider();
+
+        @Override
+        public Class<S3ExpressSessionCredentials> identityType() {
+            return S3ExpressSessionCredentials.class;
+        }
+
+        @Override
+        public CompletableFuture<? extends S3ExpressSessionCredentials> resolveIdentity(ResolveIdentityRequest request) {
+            return CompletableFuture.completedFuture(null);
+        }
+    }
+
+    private static final class NoOpSigner implements HttpSigner<S3ExpressSessionCredentials>  {
+        private static final NoOpSigner INSTANCE = new NoOpSigner();
+
+        @Override
+        public SignedRequest sign(SignRequest<? extends S3ExpressSessionCredentials> request) {
+            throw new UnsupportedOperationException();
+        }
+
+        @Override
+        public CompletableFuture<AsyncSignedRequest> signAsync(AsyncSignRequest<? extends S3ExpressSessionCredentials> request) {
+            throw new UnsupportedOperationException();
+        }
+    }
+}

services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/crt/DefaultS3CrtAsyncClient.java

@@ -15,11 +15,14 @@
 
 package software.amazon.awssdk.services.s3.internal.crt;
 
+import static software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute.SERVICE_SIGNING_NAME;
 import static software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute.AUTH_SCHEMES;
 import static software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute.SDK_HTTP_EXECUTION_ATTRIBUTES;
 import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.HTTP_CHECKSUM;
 import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.OPERATION_NAME;
+import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.SIGNING_NAME;
 import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.SIGNING_REGION;
+import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.USE_S3_EXPRESS_AUTH;
 import static software.amazon.awssdk.services.s3.internal.crt.S3NativeClientConfiguration.DEFAULT_PART_SIZE_IN_BYTES;
 
 import java.net.URI;
@@ -58,6 +61,7 @@
 import software.amazon.awssdk.services.s3.crt.S3CrtHttpConfiguration;
 import software.amazon.awssdk.services.s3.crt.S3CrtRetryConfiguration;
 import software.amazon.awssdk.services.s3.internal.multipart.CopyObjectHelper;
+import software.amazon.awssdk.services.s3.internal.s3express.S3ExpressUtils;
 import software.amazon.awssdk.services.s3.model.CopyObjectRequest;
 import software.amazon.awssdk.services.s3.model.CopyObjectResponse;
 import software.amazon.awssdk.services.s3.model.GetObjectRequest;
@@ -129,6 +133,7 @@ private static S3AsyncClient initializeS3AsyncClient(DefaultS3CrtClientBuilder b
                             .accelerate(builder.accelerate)
                             .forcePathStyle(builder.forcePathStyle)
                             .crossRegionAccessEnabled(builder.crossRegionAccessEnabled)
+                            .putAuthScheme(new CrtS3ExpressNoOpAuthScheme())
                             .httpClientBuilder(initializeS3CrtAsyncHttpClient(builder))
                             .build();
     }
@@ -309,6 +314,8 @@ public void afterMarshalling(Context.AfterMarshalling context,
                        .put(SIGNING_REGION, executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNING_REGION))
                        .put(S3InternalSdkHttpExecutionAttribute.OBJECT_FILE_PATH,
                             executionAttributes.getAttribute(OBJECT_FILE_PATH))
+                       .put(USE_S3_EXPRESS_AUTH, S3ExpressUtils.useS3ExpressAuthScheme(executionAttributes))
+                       .put(SIGNING_NAME, executionAttributes.getAttribute(SERVICE_SIGNING_NAME))
                        .build();
 
             // For putObject and getObject, we rely on CRT to perform checksum validation

services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/crt/S3CrtAsyncHttpClient.java

@@ -22,7 +22,9 @@
 import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.HTTP_CHECKSUM;
 import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.OBJECT_FILE_PATH;
 import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.OPERATION_NAME;
+import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.SIGNING_NAME;
 import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.SIGNING_REGION;
+import static software.amazon.awssdk.services.s3.internal.crt.S3InternalSdkHttpExecutionAttribute.USE_S3_EXPRESS_AUTH;
 import static software.amazon.awssdk.utils.FunctionalUtils.invokeSafely;
 
 import java.net.URI;
@@ -46,6 +48,7 @@
 import software.amazon.awssdk.crt.s3.S3MetaRequest;
 import software.amazon.awssdk.crt.s3.S3MetaRequestOptions;
 import software.amazon.awssdk.http.Header;
+import software.amazon.awssdk.http.SdkHttpExecutionAttributes;
 import software.amazon.awssdk.http.SdkHttpRequest;
 import software.amazon.awssdk.http.async.AsyncExecuteRequest;
 import software.amazon.awssdk.http.async.SdkAsyncHttpClient;
@@ -70,9 +73,28 @@ public final class S3CrtAsyncHttpClient implements SdkAsyncHttpClient {
 
     private S3CrtAsyncHttpClient(Builder builder) {
         s3NativeClientConfiguration = builder.clientConfiguration;
+        this.s3ClientOptions = createS3ClientOption();
+
+        this.crtS3Client = new S3Client(s3ClientOptions);
+    }
+
+    @SdkTestInternalApi
+    S3CrtAsyncHttpClient(S3Client crtS3Client,
+                         Builder builder) {
+        s3NativeClientConfiguration = builder.clientConfiguration;
+        s3ClientOptions = createS3ClientOption();
+        this.crtS3Client = crtS3Client;
+    }
+
+    @SdkTestInternalApi
+    public S3ClientOptions s3ClientOptions() {
+        return s3ClientOptions;
+    }
+
+    private S3ClientOptions createS3ClientOption() {
         Long initialWindowSize = s3NativeClientConfiguration.readBufferSizeInBytes();
 
-        this.s3ClientOptions =
+        S3ClientOptions options =
             new S3ClientOptions().withRegion(s3NativeClientConfiguration.signingRegion())
                                  .withEndpoint(s3NativeClientConfiguration.endpointOverride() == null ? null :
                                                s3NativeClientConfiguration.endpointOverride().toString())
@@ -82,80 +104,64 @@ private S3CrtAsyncHttpClient(Builder builder) {
                                  .withPartSize(s3NativeClientConfiguration.partSizeBytes())
                                  .withMultipartUploadThreshold(s3NativeClientConfiguration.thresholdInBytes())
                                  .withComputeContentMd5(false)
+                                 .withEnableS3Express(true)
                                  .withMaxConnections(s3NativeClientConfiguration.maxConcurrency())
                                  .withThroughputTargetGbps(s3NativeClientConfiguration.targetThroughputInGbps())
                                  .withInitialReadWindowSize(initialWindowSize)
                                  .withReadBackpressureEnabled(true);
 
         if (s3NativeClientConfiguration.standardRetryOptions() != null) {
-            this.s3ClientOptions.withStandardRetryOptions(s3NativeClientConfiguration.standardRetryOptions());
+            options.withStandardRetryOptions(s3NativeClientConfiguration.standardRetryOptions());
         }
         if (Boolean.FALSE.equals(s3NativeClientConfiguration.isUseEnvironmentVariableValues())) {
-            s3ClientOptions.withProxyEnvironmentVariableSetting(disabledHttpProxyEnvironmentVariableSetting());
+            options.withProxyEnvironmentVariableSetting(disabledHttpProxyEnvironmentVariableSetting());
         }
-        Optional.ofNullable(s3NativeClientConfiguration.proxyOptions()).ifPresent(s3ClientOptions::withProxyOptions);
+        Optional.ofNullable(s3NativeClientConfiguration.proxyOptions()).ifPresent(options::withProxyOptions);
         Optional.ofNullable(s3NativeClientConfiguration.connectionTimeout())
                 .map(Duration::toMillis)
                 .map(NumericUtils::saturatedCast)
-                .ifPresent(s3ClientOptions::withConnectTimeoutMs);
+                .ifPresent(options::withConnectTimeoutMs);
         Optional.ofNullable(s3NativeClientConfiguration.httpMonitoringOptions())
-                .ifPresent(s3ClientOptions::withHttpMonitoringOptions);
-
-        this.crtS3Client = new S3Client(s3ClientOptions);
-    }
-
-    @SdkTestInternalApi
-    S3CrtAsyncHttpClient(S3Client crtS3Client,
-                         S3NativeClientConfiguration nativeClientConfiguration) {
-        this.crtS3Client = crtS3Client;
-        this.s3NativeClientConfiguration = nativeClientConfiguration;
-        this.s3ClientOptions = null;
-    }
-
-    @SdkTestInternalApi
-    public S3ClientOptions s3ClientOptions() {
-        return s3ClientOptions;
+                .ifPresent(options::withHttpMonitoringOptions);
+        return options;
     }
 
     @Override
     public CompletableFuture<Void> execute(AsyncExecuteRequest asyncRequest) {
         CompletableFuture<Void> executeFuture = new CompletableFuture<>();
         URI uri = asyncRequest.request().getUri();
         HttpRequest httpRequest = toCrtRequest(asyncRequest);
+        SdkHttpExecutionAttributes httpExecutionAttributes = asyncRequest.httpExecutionAttributes();
         S3CrtResponseHandlerAdapter responseHandler =
             new S3CrtResponseHandlerAdapter(executeFuture,
                                             asyncRequest.responseHandler(),
-                                            asyncRequest.httpExecutionAttributes().getAttribute(CRT_PROGRESS_LISTENER));
+                                            httpExecutionAttributes.getAttribute(CRT_PROGRESS_LISTENER));
 
         S3MetaRequestOptions.MetaRequestType requestType = requestType(asyncRequest);
 
-        HttpChecksum httpChecksum = asyncRequest.httpExecutionAttributes().getAttribute(HTTP_CHECKSUM);
-        ResumeToken resumeToken = asyncRequest.httpExecutionAttributes().getAttribute(CRT_PAUSE_RESUME_TOKEN);
-        Region signingRegion = asyncRequest.httpExecutionAttributes().getAttribute(SIGNING_REGION);
-        Path requestFilePath = asyncRequest.httpExecutionAttributes().getAttribute(OBJECT_FILE_PATH);
+        HttpChecksum httpChecksum = httpExecutionAttributes.getAttribute(HTTP_CHECKSUM);
+        ResumeToken resumeToken = httpExecutionAttributes.getAttribute(CRT_PAUSE_RESUME_TOKEN);
+        Region signingRegion = httpExecutionAttributes.getAttribute(SIGNING_REGION);
+        Path requestFilePath = httpExecutionAttributes.getAttribute(OBJECT_FILE_PATH);
         ChecksumConfig checksumConfig =
             checksumConfig(httpChecksum, requestType, s3NativeClientConfiguration.checksumValidationEnabled());
         URI endpoint = getEndpoint(uri);
 
+        AwsSigningConfig defaultS3SigningConfig = awsSigningConfig(signingRegion, httpExecutionAttributes);
+
         S3MetaRequestOptions requestOptions = new S3MetaRequestOptions()
             .withHttpRequest(httpRequest)
             .withMetaRequestType(requestType)
             .withChecksumConfig(checksumConfig)
             .withEndpoint(endpoint)
             .withResponseHandler(responseHandler)
             .withResumeToken(resumeToken)
-            .withRequestFilePath(requestFilePath);
-
-        // Create a new SigningConfig object only if the signing region has changed from the previously configured region.
-        if (signingRegion != null && !s3ClientOptions.getRegion().equals(signingRegion.id())) {
-            requestOptions.withSigningConfig(
-                AwsSigningConfig.getDefaultS3SigningConfig(signingRegion.id(),
-                                                           s3ClientOptions.getCredentialsProvider()));
-        }
+            .withRequestFilePath(requestFilePath)
+            .withSigningConfig(defaultS3SigningConfig);
 
         S3MetaRequest s3MetaRequest = crtS3Client.makeMetaRequest(requestOptions);
         S3MetaRequestPauseObservable observable =
-            asyncRequest.httpExecutionAttributes().getAttribute(METAREQUEST_PAUSE_OBSERVABLE);
+            httpExecutionAttributes.getAttribute(METAREQUEST_PAUSE_OBSERVABLE);
 
         responseHandler.metaRequest(s3MetaRequest);
 
@@ -167,6 +173,22 @@ public CompletableFuture<Void> execute(AsyncExecuteRequest asyncRequest) {
         return executeFuture;
     }
 
+    private AwsSigningConfig awsSigningConfig(Region signingRegion, SdkHttpExecutionAttributes httpExecutionAttributes) {
+        AwsSigningConfig defaultS3SigningConfig =
+            AwsSigningConfig.getDefaultS3SigningConfig(s3ClientOptions.getRegion(), s3ClientOptions.getCredentialsProvider());
+
+        // Override the region only if the signing region has changed from the previously configured region.
+        if (signingRegion != null && !s3ClientOptions.getRegion().equals(signingRegion.id())) {
+            defaultS3SigningConfig.setRegion(signingRegion.id());
+        }
+
+        defaultS3SigningConfig.setService(httpExecutionAttributes.getAttribute(SIGNING_NAME));
+
+        if (Boolean.TRUE.equals(httpExecutionAttributes.getAttribute(USE_S3_EXPRESS_AUTH))) {
+            defaultS3SigningConfig.setAlgorithm(AwsSigningConfig.AwsSigningAlgorithm.SIGV4_S3EXPRESS);
+        }
+        return defaultS3SigningConfig;
+    }
 
     private static URI getEndpoint(URI uri) {
         return invokeSafely(() -> new URI(uri.getScheme(), null, uri.getHost(), uri.getPort(), null, null, null));

services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/crt/S3InternalSdkHttpExecutionAttribute.java

@@ -40,9 +40,14 @@ public final class S3InternalSdkHttpExecutionAttribute<T> extends SdkHttpExecuti
     public static final S3InternalSdkHttpExecutionAttribute<Region> SIGNING_REGION =
         new S3InternalSdkHttpExecutionAttribute<>(Region.class);
 
+    public static final S3InternalSdkHttpExecutionAttribute<String> SIGNING_NAME =
+        new S3InternalSdkHttpExecutionAttribute<>(String.class);
+
     public static final S3InternalSdkHttpExecutionAttribute<Path> OBJECT_FILE_PATH =
         new S3InternalSdkHttpExecutionAttribute<>(Path.class);
 
+    public static final S3InternalSdkHttpExecutionAttribute<Boolean> USE_S3_EXPRESS_AUTH =
+        new S3InternalSdkHttpExecutionAttribute<>(Boolean.class);
 
     private S3InternalSdkHttpExecutionAttribute(Class<T> valueClass) {
         super(valueClass);

services/s3/src/main/java/software/amazon/awssdk/services/s3/internal/s3express/S3ExpressUtils.java

@@ -15,11 +15,16 @@
 
 package software.amazon.awssdk.services.s3.internal.s3express;
 
+import static software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute.SELECTED_AUTH_SCHEME;
+
 import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.core.SelectedAuthScheme;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
 import software.amazon.awssdk.endpoints.Endpoint;
+import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
 import software.amazon.awssdk.services.s3.endpoints.internal.KnownS3ExpressEndpointProperty;
+import software.amazon.awssdk.services.s3.s3express.S3ExpressAuthScheme;
 
 @SdkInternalApi
 public final class S3ExpressUtils {
@@ -40,4 +45,16 @@ public static boolean useS3Express(ExecutionAttributes executionAttributes) {
         }
         return false;
     }
+
+    /**
+     * Whether aws.auth#sigv4-s3express is used or not
+     */
+    public static boolean useS3ExpressAuthScheme(ExecutionAttributes executionAttributes) {
+        SelectedAuthScheme<?> selectedAuthScheme = executionAttributes.getAttribute(SELECTED_AUTH_SCHEME);
+        if (selectedAuthScheme != null) {
+            AuthSchemeOption authSchemeOption = selectedAuthScheme.authSchemeOption();
+            return S3ExpressAuthScheme.SCHEME_ID.equals(authSchemeOption.schemeId());
+        }
+        return false;
+    }
 }