feat(experimentalIdentityAndAuth): enable identity and auth by default

Author: Steven Yuan

CONTRIBUTING.md

@@ -149,9 +149,9 @@ experimental features that can affect `aws-sdk-js-v3`. These features are enable
 Note that any contributions related to these features MUST be reviewed carefully for opt-in behavior via feature flags
 as to not break any existing customers. Here are the experimental features that are currently under development:
 
-| Experimental Feature | Flag                          | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
-| -------------------- | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Identity & Auth      | `experimentalIdentityAndAuth` | Standardize identity and auth integrations to match the Smithy specification (see [Authentication Traits](https://smithy.io/2.0/spec/authentication-traits.html)). Newer capabilities include support for multiple auth schemes, `@optionalAuth`, and standardized identity interfaces for authentication schemes both in code generation and TypeScript packages. In `smithy-typescript`, `@httpApiKeyAuth` will be updated to use the new standardized interfaces. In `aws-sdk-js-v3` (`smithy-typescript`'s largest customer), this will affect `@aws.auth#sigv4` and `@httpBearerAuth` implementations, but is planned to be completely backwards-compatible. |
+| Experimental Feature | Flag | Description |
+| -------------------- | ---- | ----------- |
+| N/A                  | N/A  | N/A         |
 
 ## Build caching
 

codegen/generic-client-test-codegen/model/weather.smithy

@@ -21,7 +21,7 @@ structure fakeProtocol {}
 service Weather {
     version: "2006-03-01"
     operations: [
-        // experimentalIdentityAndAuth
+        // Identity and Auth
         OnlyHttpApiKeyAuth
         OnlyHttpApiKeyAuthOptional
         OnlyHttpBearerAuth

codegen/generic-client-test-codegen/smithy-build.json

@@ -2,7 +2,7 @@
   "version": "1.0",
   "imports": ["model/echo.smithy"],
   "projections": {
-    "client-experimental-identity-and-auth": {
+    "client-identity-and-auth": {
       "transforms": [
         {
           "name": "includeServices",
@@ -13,7 +13,7 @@
       ],
       "plugins": {
         "typescript-codegen": {
-          "package": "@aws-sdk/weather-experimental-identity-and-auth",
+          "package": "@aws-sdk/weather",
           "packageVersion": "0.0.1",
           "packageJson": {
             "author": {
@@ -22,12 +22,11 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         }
       }
     },
-    "control-experimental-identity-and-auth": {
+    "client-legacy-auth": {
       "transforms": [
         {
           "name": "includeServices",
@@ -38,7 +37,7 @@
       ],
       "plugins": {
         "typescript-codegen": {
-          "package": "@aws-sdk/weather",
+          "package": "@aws-sdk/weather-legacy-auth",
           "packageVersion": "0.0.1",
           "packageJson": {
             "author": {
@@ -47,7 +46,8 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true
+          "private": true,
+          "useLegacyAuth": true
         }
       }
     },

codegen/protocol-test-codegen/smithy-build.json

@@ -21,8 +21,7 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         }
       }
     },
@@ -46,8 +45,7 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         }
       }
     },
@@ -71,8 +69,7 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         }
       }
     },
@@ -96,8 +93,7 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         }
       }
     },
@@ -121,8 +117,7 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         }
       }
     },
@@ -146,8 +141,7 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         },
         "typescript-ssdk-codegen": {
           "package": "@aws-sdk/aws-restjson-server",
@@ -177,8 +171,7 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         }
       }
     },
@@ -202,8 +195,7 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         }
       }
     },
@@ -244,8 +236,7 @@
             },
             "license": "Apache-2.0"
           },
-          "private": true,
-          "experimentalIdentityAndAuth": true
+          "private": true
         }
       }
     }

codegen/sdk-codegen/build.gradle.kts

@@ -106,18 +106,6 @@ tasks.register("generate-smithy-build") {
                     File("smithy-aws-typescript-codegen/src/main/resources/software/amazon/smithy/aws/typescript/codegen/package.json.template")
                             .readText()
             ).expectObjectNode()
-            val nonExperimentalIdentityAndAuthServices = setOf(
-                // Services with EventStream input
-                "Lex Runtime V2",
-                "RekognitionStreaming",
-                "Transcribe Streaming",
-                // Endpoint Ruleset Auth Scheme Resolvers
-                "EventBridge",
-                "CloudFront KeyValueStore",
-                // S3
-                "S3",
-            )
-            check(nonExperimentalIdentityAndAuthServices.size == 6)
             val projectionContents = Node.objectNodeBuilder()
                     .withMember("imports", Node.fromStrings("${models.getAbsolutePath()}${File.separator}${file.name}"))
                     .withMember("plugins", Node.objectNode()
@@ -128,7 +116,6 @@ tasks.register("generate-smithy-build") {
                                     .withMember("packageJson", manifestOverwrites)
                                     .withMember("packageDescription", "AWS SDK for JavaScript "
                                         + clientName + " Client for Node.js, Browser and React Native")
-                                    .withMember("experimentalIdentityAndAuth", !nonExperimentalIdentityAndAuthServices.contains(serviceTrait.sdkId))
                                     .build()))
                     .build()
             projectionsBuilder.withMember(sdkId + "." + version.toLowerCase(), projectionContents)

codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddAwsAuthPlugin.java

@@ -56,7 +56,7 @@
 /**
  * Configure clients with AWS auth configurations and plugin.
  *
- * This is the existing control behavior for `experimentalIdentityAndAuth`.
+ * This is legacy auth behavior, and is no longer supported in development.
  */
 @SmithyInternalApi
 public final class AddAwsAuthPlugin implements TypeScriptIntegration {
@@ -68,11 +68,11 @@ public final class AddAwsAuthPlugin implements TypeScriptIntegration {
     private static final Logger LOGGER = Logger.getLogger(AddAwsAuthPlugin.class.getName());
 
     /**
-     * Integration should only be used if `experimentalIdentityAndAuth` flag is false.
+     * Integration should only be used if the `useLegacyAuth` flag is true.
      */
     @Override
     public boolean matchesSettings(TypeScriptSettings settings) {
-        return !settings.getExperimentalIdentityAndAuth();
+        return settings.useLegacyAuth();
     }
 
     @Override

codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddSigv4aPlugin.java

@@ -27,7 +27,7 @@ public final class AddSigv4aPlugin implements TypeScriptIntegration {
 
     @Override
     public boolean matchesSettings(TypeScriptSettings settings) {
-        return !settings.getExperimentalIdentityAndAuth();
+        return !!settings.useLegacyAuth();
     }
 
     public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(

codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddTokenAuthPlugin.java

@@ -29,17 +29,17 @@
 /**
  * Configure clients with Token auth configurations and plugin.
  *
- * This is the existing control behavior for `experimentalIdentityAndAuth`.
+ * This is legacy auth behavior, and is no longer supported in development.
  */
 @SmithyInternalApi
 public final class AddTokenAuthPlugin implements TypeScriptIntegration {
 
     /**
-     * Integration should only be used if `experimentalIdentityAndAuth` flag is false.
+     * Integration should only be used if the `useLegacyAuth` flag is true.
      */
     @Override
     public boolean matchesSettings(TypeScriptSettings settings) {
-        return !settings.getExperimentalIdentityAndAuth();
+        return settings.useLegacyAuth();
     }
 
     @Override

codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AwsDependency.java

@@ -91,7 +91,7 @@ public enum AwsDependency implements Dependency {
     // Conditionally added when EndpointRuleSetTrait is present
     UTIL_ENDPOINTS(NORMAL_DEPENDENCY, "@aws-sdk/util-endpoints"),
 
-    // feat(experimentalIdentityAndAuth): Conditionally added when @httpBearerAuth is used in an AWS service
+    // Conditionally added when @httpBearerAuth is used in an AWS service
     TOKEN_PROVIDERS(NORMAL_DEPENDENCY, "@aws-sdk/token-providers"),
     TYPES(NORMAL_DEPENDENCY, "@aws-sdk/types"),
     REGION_CONFIG_RESOLVER(NORMAL_DEPENDENCY, "@aws-sdk/region-config-resolver"),

codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AddAwsDefaultSigningName.java

@@ -21,19 +21,17 @@
 
 /**
  * Configure clients with Default AWS Signing Name.
- *
- * This is the experimental behavior for `experimentalIdentityAndAuth`.
  */
 @SmithyInternalApi
 public final class AddAwsDefaultSigningName implements TypeScriptIntegration {
     private static final Logger LOGGER = Logger.getLogger(AddAwsDefaultSigningName.class.getName());
 
     /**
-     * Integration should only be used if `experimentalIdentityAndAuth` flag is true.
+     * Integration should be skipped if the `useLegacyAuth` flag is true.
      */
     @Override
     public boolean matchesSettings(TypeScriptSettings settings) {
-        return settings.getExperimentalIdentityAndAuth();
+        return !settings.useLegacyAuth();
     }
 
     @Override

codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AddSTSAuthCustomizations.java

@@ -42,8 +42,6 @@
 
 /**
  * Add STS Auth customizations.
- *
- * This is the experimental behavior for `experimentalIdentityAndAuth`.
  */
 @SmithyInternalApi
 @SuppressWarnings("AbbreviationAsWordInName")
@@ -66,11 +64,11 @@ public final class AddSTSAuthCustomizations implements HttpAuthTypeScriptIntegra
     private static final String ROLE_ASSUMERS_TEST_FILE = "defaultRoleAssumers.spec";
 
     /**
-     * Integration should only be used if `experimentalIdentityAndAuth` flag is true.
+     * Integration should be skipped if the `useLegacyAuth` flag is true.
      */
     @Override
     public boolean matchesSettings(TypeScriptSettings settings) {
-        return settings.getExperimentalIdentityAndAuth() && isSTSService(settings.getService());
+        return !settings.useLegacyAuth() && isSTSService(settings.getService());
     }
 
     @Override

codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsSdkCustomizeEndpointRuleSetHttpAuthSchemeProvider.java

@@ -36,6 +36,7 @@
 import software.amazon.smithy.typescript.codegen.auth.http.sections.HttpAuthSchemeParametersInterfaceCodeSection;
 import software.amazon.smithy.typescript.codegen.auth.http.sections.HttpAuthSchemeProviderInterfaceCodeSection;
 import software.amazon.smithy.typescript.codegen.endpointsV2.EndpointsV2Generator;
+import software.amazon.smithy.typescript.codegen.sections.PreCommandClassCodeSection;
 import software.amazon.smithy.typescript.codegen.sections.SmithyContextCodeSection;
 import software.amazon.smithy.utils.CodeInterceptor;
 import software.amazon.smithy.utils.CodeSection;
@@ -46,22 +47,21 @@
  *
  * This code generates `HttpAuthSchemeProvider` interfaces based on {@code @smithy.rules#endpointRuleSet} for
  * identity and auth purposes only.
- *
- * This is the experimental behavior for `experimentalIdentityAndAuth`.
  */
 @SmithyInternalApi
 public final class AwsSdkCustomizeEndpointRuleSetHttpAuthSchemeProvider implements HttpAuthTypeScriptIntegration {
     private static final Set<ShapeId> ENDPOINT_RULESET_HTTP_AUTH_SCHEME_SERVICES = Set.of(
         ShapeId.from("com.amazonaws.s3#AmazonS3"),
-        ShapeId.from("com.amazonaws.eventbridge#AWSEvents"));
+        ShapeId.from("com.amazonaws.eventbridge#AWSEvents"),
+        ShapeId.from("com.amazonaws.cloudfrontkeyvaluestore#CloudFrontKeyValueStore"));
     private static final ShapeId SIGV4A_ID = ShapeId.from("aws.auth#sigv4a");
 
     /**
-     * Integration should only be used if `experimentalIdentityAndAuth` flag is true.
+     * Integration should be skipped if the `useLegacyAuth` flag is true.
      */
     @Override
     public boolean matchesSettings(TypeScriptSettings settings) {
-        return settings.getExperimentalIdentityAndAuth()
+        return !settings.useLegacyAuth()
             && ENDPOINT_RULESET_HTTP_AUTH_SCHEME_SERVICES.contains(settings.getService());
     }
 
@@ -99,9 +99,13 @@ public List<? extends CodeInterceptor<? extends CodeSection, TypeScriptWriter>>
             TypeScriptCodegenContext codegenContext
     ) {
         return List.of(
+            CodeInterceptor.appender(PreCommandClassCodeSection.class, (w, s) -> {
+                w.write("// @ts-expect-error: Command class references itself");
+            }),
             CodeInterceptor.appender(SmithyContextCodeSection.class, (w, s) -> {
                 if (s.getService().hasTrait(EndpointRuleSetTrait.ID)) {
                     w.openBlock("endpointRuleSet: {", "},", () -> {
+                        w.write("// @ts-expect-error: built class has getEndpointParameterInstructions()");
                         w.write("getEndpointParameterInstructions: $T.getEndpointParameterInstructions,",
                             codegenContext.symbolProvider().toSymbol(s.getOperation()));
                     });

codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsSdkCustomizeHttpBearerTokenAuth.java

@@ -23,18 +23,16 @@
 
 /**
  * Customize @httpBearerAuth for AWS SDKs.
- *
- * This is the experimental behavior for `experimentalIdentityAndAuth`.
  */
 @SmithyInternalApi
 public final class AwsSdkCustomizeHttpBearerTokenAuth implements HttpAuthTypeScriptIntegration {
 
     /**
-     * Integration should only be used if `experimentalIdentityAndAuth` flag is true.
+     * Integration should be skipped if the `useLegacyAuth` flag is true.
      */
     @Override
     public boolean matchesSettings(TypeScriptSettings settings) {
-        return settings.getExperimentalIdentityAndAuth();
+        return !settings.useLegacyAuth();
     }
 
     @Override

codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsSdkCustomizeSigV4Auth.java

@@ -36,18 +36,16 @@
 
 /**
  * Customize @aws.auth#sigv4 for AWS SDKs.
- *
- * This is the experimental behavior for `experimentalIdentityAndAuth`.
  */
 @SmithyInternalApi
 public class AwsSdkCustomizeSigV4Auth implements HttpAuthTypeScriptIntegration {
 
     /**
-     * Integration should only be used if `experimentalIdentityAndAuth` flag is true.
+     * Integration should be skipped if the `useLegacyAuth` flag is true.
      */
     @Override
     public boolean matchesSettings(TypeScriptSettings settings) {
-        return settings.getExperimentalIdentityAndAuth();
+        return !settings.useLegacyAuth();
     }
 
     @Override