Skip to content

feat(experimentalIdentityAndAuth): add experimentalIdentityAndAuth flag #5065

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 9, 2023
Merged

feat(experimentalIdentityAndAuth): add experimentalIdentityAndAuth flag #5065

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,17 @@ smithy=/Volumes/workplace/smithy
smithy-typescript=/Volumes/workplace/smithy-typescript
```

## Experimental Features

`aws-sdk-js-v3 ` uses `smithy-typescript` to generate code. `smithy-typescript` is under heavy development and has
experimental features that can affect `aws-sdk-js-v3`. These features are enabled via opt-in settings in `sdk-codegen`.
Note that any contributions related to these features MUST be reviewed carefully for opt-in behavior via feature flags
as to not break any existing customers. Here are the experimental features that are currently under development:

| Experimental Feature | Flag | Description |
| -------------------- | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Identity & Auth | `experimentalIdentityAndAuth` | Standardize identity and auth integrations to match the Smithy specification (see [Authentication Traits](https://smithy.io/2.0/spec/authentication-traits.html)). Newer capabilities include support for multiple auth schemes, `@optionalAuth`, and standardized identity interfaces for authentication schemes both in code generation and TypeScript packages. In `smithy-typescript`, `@httpApiKeyAuth` will be updated to use the new standardized interfaces. In `aws-sdk-js-v3` (`smithy-typescript`'s largest customer), this will affect `@aws.auth#sigv4` and `@httpBearerAuth` implementations, but is planned to be completely backwards-compatible. |

## Build caching

Build caching is optionally available via Turborepo. See `turbo.json`.
Expand Down
27 changes: 23 additions & 4 deletions ...codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddAwsAuthPlugin.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,10 @@ public void addConfigInterfaceFields(
SymbolProvider symbolProvider,
TypeScriptWriter writer
) {
if (settings.getExperimentalIdentityAndAuth()) {
return;
}
// feat(experimentalIdentityAndAuth): control branch for @aws.auth#sigv4
ServiceShape service = settings.getService(model);
if (!isSigV4Service(service) && isAwsService(service)) {
ServiceTrait serviceTrait = service.getTrait(ServiceTrait.class).get();
Expand Down Expand Up @@ -120,12 +124,14 @@ public List<RuntimeClientPlugin> getClientPlugins() {
&& isAwsService(s)
&& !testServiceId(s, "STS")
&& !areAllOptionalAuthOperations(m, s))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build(),
RuntimeClientPlugin.builder()
.withConventions(AwsDependency.MIDDLEWARE_SIGNING.dependency, "SigV4Auth", HAS_CONFIG)
.servicePredicate((m, s) -> isSigV4Service(s)
&& !isAwsService(s)
&& !areAllOptionalAuthOperations(m, s))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build(),
RuntimeClientPlugin.builder()
.withConventions(AwsDependency.STS_MIDDLEWARE.dependency,
Expand All @@ -134,33 +140,38 @@ && isAwsService(s)
put("stsClientCtor", Symbol.builder().name("STSClient").build());
}})
.servicePredicate((m, s) -> testServiceId(s, "STS"))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build(),
RuntimeClientPlugin.builder()
.withConventions(AwsDependency.MIDDLEWARE_SIGNING.dependency, "AwsAuth", HAS_MIDDLEWARE)
// See operationUsesAwsAuth() below for AwsAuth Middleware customizations.
.servicePredicate((m, s) -> isSigV4Service(s)
&& isAwsService(s)
&& !testServiceId(s, "STS")
&& !hasOptionalAuthOperation(m, s)
).build(),
&& !hasOptionalAuthOperation(m, s))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build(),
RuntimeClientPlugin.builder()
.withConventions(AwsDependency.MIDDLEWARE_SIGNING.dependency, "SigV4Auth", HAS_MIDDLEWARE)
// See operationUsesAwsAuth() below for AwsAuth Middleware customizations.
.servicePredicate((m, s) -> isSigV4Service(s)
&& !isAwsService(s)
&& !hasOptionalAuthOperation(m, s)
).build(),
&& !hasOptionalAuthOperation(m, s))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build(),
RuntimeClientPlugin.builder()
.withConventions(AwsDependency.MIDDLEWARE_SIGNING.dependency, "AwsAuth", HAS_MIDDLEWARE)
.operationPredicate((m, s, o) -> isSigV4Service(s)
&& isAwsService(s)
&& operationUsesAwsAuth(m, s, o))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build(),
RuntimeClientPlugin.builder()
.withConventions(AwsDependency.MIDDLEWARE_SIGNING.dependency, "SigV4Auth", HAS_MIDDLEWARE)
.operationPredicate((m, s, o) -> isSigV4Service(s)
&& !isAwsService(s)
&& operationUsesAwsAuth(m, s, o))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build()

);
Expand All @@ -173,6 +184,10 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(
SymbolProvider symbolProvider,
LanguageTarget target
) {
if (settings.getExperimentalIdentityAndAuth()) {
return Collections.emptyMap();
}
// feat(experimentalIdentityAndAuth): control branch for @aws.auth#sigv4
ServiceShape service = settings.getService(model);
if (!isSigV4Service(service) || areAllOptionalAuthOperations(model, service)) {
return Collections.emptyMap();
Expand Down Expand Up @@ -219,6 +234,10 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(

@Override
public void customize(TypeScriptCodegenContext codegenContext) {
if (codegenContext.settings().getExperimentalIdentityAndAuth()) {
return;
}
// feat(experimentalIdentityAndAuth): control branch for @aws.auth#sigv4
TypeScriptSettings settings = codegenContext.settings();
Model model = codegenContext.model();
BiConsumer<String, Consumer<TypeScriptWriter>> writerFactory = codegenContext.writerDelegator()::useFileWriter;
Expand Down
8 changes: 8 additions & 0 deletions ...egen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddAwsRuntimeConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,10 @@ public void addConfigInterfaceFields(
writer.writeDocs("Enables FIPS compatible endpoints.")
.write("useFipsEndpoint?: boolean | __Provider<boolean>;\n");
}
if (settings.getExperimentalIdentityAndAuth()) {
return;
}
// feat(experimentalIdentityAndAuth): control branch for AWS config interface fields
if (isSigV4Service(settings, model)) {
writer.writeDocs(isAwsService(settings, model)
? "The AWS region to which this client will send requests"
Expand Down Expand Up @@ -134,6 +138,10 @@ private Map<String, Consumer<TypeScriptWriter>> getDefaultConfig(
if (!isSigV4Service(settings, model)) {
return Collections.emptyMap();
}
if (settings.getExperimentalIdentityAndAuth()) {
return Collections.emptyMap();
}
// feat(experimentalIdentityAndAuth): control branch for AWS runtime config
switch (target) {
case BROWSER:
return MapUtils.of("region", writer -> {
Expand Down
1 change: 1 addition & 0 deletions ...odegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddBuiltinPlugins.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ public List<RuntimeClientPlugin> getClientPlugins() {
RuntimeClientPlugin.builder()
.withConventions(TypeScriptDependency.CONFIG_RESOLVER.dependency, "Region", HAS_CONFIG)
.servicePredicate((m, s) -> isAwsService(s) || isSigV4Service(s))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build(),
// Only one of Endpoints or CustomEndpoints should be used
RuntimeClientPlugin.builder()
Expand Down
4 changes: 4 additions & 0 deletions ...gen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddEventBridgePlugin.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,10 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(TypeScrip
if (!testServiceId(settings.getService(model))) {
return Collections.emptyMap();
}
if (settings.getExperimentalIdentityAndAuth()) {
return Collections.emptyMap();
}
// feat(experimentalIdentityAndAuth): control branch for EventBridge runtime config
switch (target) {
case SHARED:
return MapUtils.of("signerConstructor", writer -> {
Expand Down
10 changes: 10 additions & 0 deletions .../java/software/amazon/smithy/aws/typescript/codegen/AddEventStreamHandlingDependency.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,11 +52,13 @@ public List<RuntimeClientPlugin> getClientPlugins() {
.withConventions(AwsDependency.MIDDLEWARE_EVENTSTREAM.dependency,
"EventStream", HAS_CONFIG)
.servicePredicate(AddEventStreamHandlingDependency::hasEventStreamInput)
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build(),
RuntimeClientPlugin.builder()
.withConventions(AwsDependency.MIDDLEWARE_EVENTSTREAM.dependency,
"EventStream", HAS_MIDDLEWARE)
.operationPredicate(AddEventStreamHandlingDependency::hasEventStreamInput)
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build()
);
}
Expand All @@ -68,6 +70,10 @@ public void addConfigInterfaceFields(
SymbolProvider symbolProvider,
TypeScriptWriter writer
) {
if (settings.getExperimentalIdentityAndAuth()) {
return;
}
// feat(experimentalIdentityAndAuth): control branch for event stream handler interface fields
if (hasEventStreamInput(model, settings.getService(model))) {
writer.addImport("EventStreamPayloadHandlerProvider", "__EventStreamPayloadHandlerProvider",
TypeScriptDependency.AWS_SDK_TYPES);
Expand All @@ -89,6 +95,10 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(
return Collections.emptyMap();
}

if (settings.getExperimentalIdentityAndAuth()) {
return Collections.emptyMap();
}
// feat(experimentalIdentityAndAuth): control branch for event stream handler runtime config
switch (target) {
case NODE:
return MapUtils.of("eventStreamPayloadHandlerProvider", writer -> {
Expand Down
8 changes: 8 additions & 0 deletions ...ript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddS3Config.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,10 @@ public void addConfigInterfaceFields(
if (!isS3(service)) {
return;
}
if (settings.getExperimentalIdentityAndAuth()) {
return;
}
// feat(experimentalIdentityAndAuth): control branch for S3 Config interface fields
writer.writeDocs("Whether to escape request path when signing the request.")
.write("signingEscapePath?: boolean;\n");
writer.writeDocs(
Expand All @@ -134,6 +138,10 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(
if (!isS3(settings.getService(model))) {
return Collections.emptyMap();
}
if (settings.getExperimentalIdentityAndAuth()) {
return Collections.emptyMap();
}
// feat(experimentalIdentityAndAuth): control branch for S3 Config runtime config
switch (target) {
case SHARED:
return MapUtils.of("signingEscapePath", writer -> {
Expand Down
4 changes: 4 additions & 0 deletions ...n/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddS3ControlDependency.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,10 @@ public Map<String, Consumer<TypeScriptWriter>> getRuntimeConfigWriters(
if (!isS3Control(settings.getService(model))) {
return Collections.emptyMap();
}
if (settings.getExperimentalIdentityAndAuth()) {
return Collections.emptyMap();
}
// feat(experimentalIdentityAndAuth): control branch for S3 Control signingEscapePath
switch (target) {
case SHARED:
return MapUtils.of("signingEscapePath", writer -> {
Expand Down
2 changes: 2 additions & 0 deletions ...degen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddTokenAuthPlugin.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,10 +36,12 @@ public List<RuntimeClientPlugin> getClientPlugins() {
RuntimeClientPlugin.builder()
.withConventions(AwsDependency.MIDDLEWARE_TOKEN.dependency, "Token", HAS_CONFIG)
.servicePredicate((m, s) -> isHttpBearerAuthService(s))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build(),
RuntimeClientPlugin.builder()
.withConventions(AwsDependency.MIDDLEWARE_TOKEN.dependency, "Token", HAS_MIDDLEWARE)
.servicePredicate((m, s) -> isHttpBearerAuthService(s))
.settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
.build()
);
}
Expand Down