diff --git a/AWSSDKSwiftCLI/Sources/AWSSDKSwiftCLI/Resources/Package.Base.txt b/AWSSDKSwiftCLI/Sources/AWSSDKSwiftCLI/Resources/Package.Base.txt index 8afa25d5af1..877f54d292d 100644 --- a/AWSSDKSwiftCLI/Sources/AWSSDKSwiftCLI/Resources/Package.Base.txt +++ b/AWSSDKSwiftCLI/Sources/AWSSDKSwiftCLI/Resources/Package.Base.txt @@ -9,6 +9,7 @@ extension Target.Dependency { static var awsSDKEventStreamsAuth: Self { "AWSSDKEventStreamsAuth" } static var awsSDKHTTPAuth: Self { "AWSSDKHTTPAuth" } static var awsSDKIdentity: Self { "AWSSDKIdentity" } + static var awsSDKIdentityAPI: Self { "AWSSDKIdentityAPI" } static var awsSDKChecksums: Self { "AWSSDKChecksums" } static var awsSDKPartitions: Self { "AWSSDKPartitions" } @@ -59,7 +60,7 @@ let package = Package( // MARK: Products private var runtimeProducts: [Product] { - ["AWSClientRuntime", "AWSSDKCommon", "AWSSDKEventStreamsAuth", "AWSSDKHTTPAuth", "AWSSDKIdentity", "AWSSDKChecksums"] + ["AWSClientRuntime", "AWSSDKCommon", "AWSSDKEventStreamsAuth", "AWSSDKHTTPAuth", "AWSSDKIdentityAPI", "AWSSDKIdentity", "AWSSDKChecksums"] .map { .library(name: $0, targets: [$0]) } } @@ -105,6 +106,7 @@ private var runtimeTargets: [Target] { dependencies: [ .crt, .clientRuntime, + .smithyIdentity, .smithyRetriesAPI, .smithyRetries, .awsSDKCommon, 
@@ -120,21 +122,26 @@ private var runtimeTargets: [Target] { .target( name: "AWSSDKCommon", dependencies: [.crt], - path: "Sources/Core/AWSSDKCommon/Sources" + path: "Sources/Core/AWSSDKCommon/Sources/AWSSDKCommon" ), .target( name: "AWSSDKEventStreamsAuth", dependencies: [.smithyEventStreamsAPI, .smithyEventStreamsAuthAPI, .smithyEventStreams, .crt, .clientRuntime, "AWSSDKHTTPAuth"], - path: "Sources/Core/AWSSDKEventStreamsAuth/Sources" + path: "Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth" ), .target( name: "AWSSDKHTTPAuth", - dependencies: [.crt, .smithy, .clientRuntime, .smithyHTTPAuth, "AWSSDKChecksums", "AWSSDKIdentity"], - path: "Sources/Core/AWSSDKHTTPAuth/Sources" + dependencies: [.crt, .smithy, .clientRuntime, .smithyHTTPAuth, .awsSDKIdentityAPI, "AWSSDKChecksums"], + path: "Sources/Core/AWSSDKHTTPAuth/Sources/AWSSDKHTTPAuth" + ), + .target( + name: "AWSSDKIdentityAPI", + dependencies: [.smithy, .smithyIdentityAPI], + path: "Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI" ), .target( name: "AWSSDKIdentity", - dependencies: [.crt, .smithy, .clientRuntime, .smithyIdentity, .smithyIdentityAPI, .smithyHTTPAPI, .awsSDKCommon], + dependencies: [.awsSDKIdentityAPI, .crt, .smithy, .clientRuntime, .smithyIdentity, .smithyIdentityAPI, .smithyHTTPAPI, .awsSDKCommon, "InternalAWSSTS", "InternalAWSSSO", "InternalAWSSSOOIDC", ], path: "Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity" ), .target( @@ -154,7 +161,6 @@ private var runtimeTargets: [Target] { .smithyChecksums, .smithyWaitersAPI, .awsSDKCommon, - .awsSDKIdentity, .awsSDKHTTPAuth, .awsSDKEventStreamsAuth, .awsSDKChecksums, @@ -178,7 +184,6 @@ private var runtimeTargets: [Target] { .smithyChecksums, .smithyWaitersAPI, .awsSDKCommon, - .awsSDKIdentity, .awsSDKHTTPAuth, .awsSDKEventStreamsAuth, .awsSDKChecksums, 
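Review bot: The `AWSSDKIdentity` target in the `-120,21 +122,26` hunk now depends on `"InternalAWSSTS"`, `"InternalAWSSSO"` and `"InternalAWSSSOOIDC"`, but nothing in the manifest records the dependency direction this requires. The three later hunks that drop `.awsSDKIdentity` (`-154`, `-178`, `-202`) presumably belong to those internal client targets, whose names are outside the hunks. If so, re-adding that dependency to any of them would create a cycle. A comment above the target would make this explicit, for example `// AWSSDKIdentity depends on the Internal* clients; those targets must depend on AWSSDKIdentityAPI only, never on AWSSDKIdentity.` As a style point, the list ends in `"InternalAWSSSOOIDC", ]` and mixes bare strings with the `.awsSDKIdentityAPI` accessors used beside them.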
@@ -202,7 +207,6 @@ private var runtimeTargets: [Target] { .smithyChecksums, .smithyWaitersAPI, .awsSDKCommon, - .awsSDKIdentity, .awsSDKHTTPAuth, .awsSDKEventStreamsAuth, .awsSDKChecksums, @@ -226,7 +230,7 @@ private var runtimeTestTargets: [Target] { return [ .testTarget( name: "AWSClientRuntimeTests", - dependencies: [.awsClientRuntime, .clientRuntime, .smithyTestUtils, .awsSDKCommon], + dependencies: [.awsClientRuntime, .clientRuntime, .smithyTestUtils, .awsSDKCommon, .awsSDKIdentity], path: "Sources/Core/AWSClientRuntime/Tests/AWSClientRuntimeTests", resources: [.process("Resources")] ), @@ -242,7 +246,7 @@ private var runtimeTestTargets: [Target] { ), .testTarget( name: "AWSSDKIdentityTests", - dependencies: [.smithy, .smithyIdentity, "AWSSDKIdentity", .awsClientRuntime], + dependencies: ["AWSSDKIdentity", .smithy, .smithyIdentity, .awsClientRuntime], path: "Sources/Core/AWSSDKIdentity/Tests/AWSSDKIdentityTests", resources: [.process("Resources")] ), @@ -267,13 +271,11 @@ private func target(_ service: String) -> Target { .smithyChecksums, .smithyWaitersAPI, .awsSDKCommon, + .awsSDKIdentityAPI, .awsSDKIdentity, .awsSDKHTTPAuth, .awsSDKEventStreamsAuth, .awsSDKChecksums, - "InternalAWSSTS", - "InternalAWSSSO", - "InternalAWSSSOOIDC", ], path: "Sources/Services/\(service)/Sources/\(service)" ) diff --git a/IntegrationTests/Package.swift b/IntegrationTests/Package.swift index d906823952f..d245cae772a 100644 --- a/IntegrationTests/Package.swift +++ b/IntegrationTests/Package.swift @@ -18,6 +18,7 @@ extension Target.Dependency { // AWS modules static var awsClientRuntime: Self { .product(name: "AWSClientRuntime", package: "aws-sdk-swift") } static var awsSDKCommon: Self { .product(name: "AWSSDKCommon", package: "aws-sdk-swift") } + static var awsSDKIdentityAPI: Self { .product(name: "AWSSDKIdentityAPI", package: "aws-sdk-swift") } static var awsSDKIdentity: Self { .product(name: "AWSSDKIdentity", package: "aws-sdk-swift") } // Smithy modules 
@@ -104,6 +105,7 @@ private func integrationTestTarget(_ name: String) -> Target { .awsClientRuntime, .smithyTestUtil, .awsSDKIdentity, + .awsSDKIdentityAPI, .smithyIdentity, .awsSDKCommon, .awsIntegrationTestUtils, diff --git a/IntegrationTests/Services/AWSBedrockRuntimeIntegrationTests/BedrockAPIKeyTests.swift b/IntegrationTests/Services/AWSBedrockRuntimeIntegrationTests/BedrockAPIKeyTests.swift index da1ffcdb679..0325edfb64a 100644 --- a/IntegrationTests/Services/AWSBedrockRuntimeIntegrationTests/BedrockAPIKeyTests.swift +++ b/IntegrationTests/Services/AWSBedrockRuntimeIntegrationTests/BedrockAPIKeyTests.swift @@ -14,7 +14,7 @@ final class BedrockAPIKeyIntegrationTests: XCTestCase { let envVarName = "AWS_BEARER_TOKEN_BEDROCK" let apiKeyDuration: TimeInterval = 600.0 - func xtest_apiKey_createsAPIKeyAndCallsWithIt() async throws { + func test_apiKey_createsAPIKeyAndCallsWithIt() async throws { // Set a Bedrock API token into the environment. let generator = BedrockAPIKeyGenerator(region: region, duration: apiKeyDuration) let token = try await generator.generate() diff --git a/IntegrationTests/Services/AWSS3IntegrationTests/S3ExpressConfigTests.swift b/IntegrationTests/Services/AWSS3IntegrationTests/S3ExpressConfigTests.swift index db08bb8eeb2..5202b837165 100644 --- a/IntegrationTests/Services/AWSS3IntegrationTests/S3ExpressConfigTests.swift +++ b/IntegrationTests/Services/AWSS3IntegrationTests/S3ExpressConfigTests.swift @@ -13,6 +13,7 @@ import SmithyHTTPAPI import SmithyHTTPAuthAPI import SmithyTestUtil import AWSSDKIdentity +import AWSSDKIdentityAPI import AWSSDKHTTPAuth // These tests confirm that the disableS3ExpressSessionAuth option 
@@ -146,7 +147,7 @@ class CheckSelectedAuthSchemeProvider: HttpInterceptorProvider { // CreateSession call before the GetObject. private actor MockS3ExpressIdentityResolver: S3ExpressIdentityResolver { - func getIdentity(identityProperties: Smithy.Attributes?) async throws -> AWSSDKIdentity.S3ExpressIdentity { + func getIdentity(identityProperties: Smithy.Attributes?) async throws -> S3ExpressIdentity { return S3ExpressIdentity( accessKeyID: "AKIAIOSFODNN7EXAMPLE", secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", diff --git a/Package.swift b/Package.swift index bcdc6cafe29..6e4181416ed 100644 --- a/Package.swift +++ b/Package.swift @@ -449,6 +449,7 @@ extension Target.Dependency { static var awsSDKEventStreamsAuth: Self { "AWSSDKEventStreamsAuth" } static var awsSDKHTTPAuth: Self { "AWSSDKHTTPAuth" } static var awsSDKIdentity: Self { "AWSSDKIdentity" } + static var awsSDKIdentityAPI: Self { "AWSSDKIdentityAPI" } static var awsSDKChecksums: Self { "AWSSDKChecksums" } static var awsSDKPartitions: Self { "AWSSDKPartitions" } @@ -499,7 +500,7 @@ let package = Package( // MARK: Products private var runtimeProducts: [Product] { - ["AWSClientRuntime", "AWSSDKCommon", "AWSSDKEventStreamsAuth", "AWSSDKHTTPAuth", "AWSSDKIdentity", "AWSSDKChecksums"] + ["AWSClientRuntime", "AWSSDKCommon", "AWSSDKEventStreamsAuth", "AWSSDKHTTPAuth", "AWSSDKIdentityAPI", "AWSSDKIdentity", "AWSSDKChecksums"] .map { .library(name: $0, targets: [$0]) } } @@ -545,6 +546,7 @@ private var runtimeTargets: [Target] { dependencies: [ .crt, .clientRuntime, + .smithyIdentity, .smithyRetriesAPI, .smithyRetries, .awsSDKCommon, 
@@ -560,21 +562,26 @@ private var runtimeTargets: [Target] { .target( name: "AWSSDKCommon", dependencies: [.crt], - path: "Sources/Core/AWSSDKCommon/Sources" + path: "Sources/Core/AWSSDKCommon/Sources/AWSSDKCommon" ), .target( name: "AWSSDKEventStreamsAuth", dependencies: [.smithyEventStreamsAPI, .smithyEventStreamsAuthAPI, .smithyEventStreams, .crt, .clientRuntime, "AWSSDKHTTPAuth"], - path: "Sources/Core/AWSSDKEventStreamsAuth/Sources" + path: "Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth" ), .target( name: "AWSSDKHTTPAuth", - dependencies: [.crt, .smithy, .clientRuntime, .smithyHTTPAuth, "AWSSDKChecksums", "AWSSDKIdentity"], - path: "Sources/Core/AWSSDKHTTPAuth/Sources" + dependencies: [.crt, .smithy, .clientRuntime, .smithyHTTPAuth, .awsSDKIdentityAPI, "AWSSDKChecksums"], + path: "Sources/Core/AWSSDKHTTPAuth/Sources/AWSSDKHTTPAuth" + ), + .target( + name: "AWSSDKIdentityAPI", + dependencies: [.smithy, .smithyIdentityAPI], + path: "Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI" ), .target( name: "AWSSDKIdentity", - dependencies: [.crt, .smithy, .clientRuntime, .smithyIdentity, .smithyIdentityAPI, .smithyHTTPAPI, .awsSDKCommon], + dependencies: [.awsSDKIdentityAPI, .crt, .smithy, .clientRuntime, .smithyIdentity, .smithyIdentityAPI, .smithyHTTPAPI, .awsSDKCommon, "InternalAWSSTS", "InternalAWSSSO", "InternalAWSSSOOIDC", ], path: "Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity" ), .target( @@ -594,7 +601,6 @@ private var runtimeTargets: [Target] { .smithyChecksums, .smithyWaitersAPI, .awsSDKCommon, - .awsSDKIdentity, .awsSDKHTTPAuth, .awsSDKEventStreamsAuth, .awsSDKChecksums, @@ -618,7 +624,6 @@ private var runtimeTargets: [Target] { .smithyChecksums, .smithyWaitersAPI, .awsSDKCommon, - .awsSDKIdentity, .awsSDKHTTPAuth, .awsSDKEventStreamsAuth, .awsSDKChecksums, 
@@ -642,7 +647,6 @@ private var runtimeTargets: [Target] { .smithyChecksums, .smithyWaitersAPI, .awsSDKCommon, - .awsSDKIdentity, .awsSDKHTTPAuth, .awsSDKEventStreamsAuth, .awsSDKChecksums, @@ -666,7 +670,7 @@ private var runtimeTestTargets: [Target] { return [ .testTarget( name: "AWSClientRuntimeTests", - dependencies: [.awsClientRuntime, .clientRuntime, .smithyTestUtils, .awsSDKCommon], + dependencies: [.awsClientRuntime, .clientRuntime, .smithyTestUtils, .awsSDKCommon, .awsSDKIdentity], path: "Sources/Core/AWSClientRuntime/Tests/AWSClientRuntimeTests", resources: [.process("Resources")] ), @@ -682,7 +686,7 @@ private var runtimeTestTargets: [Target] { ), .testTarget( name: "AWSSDKIdentityTests", - dependencies: [.smithy, .smithyIdentity, "AWSSDKIdentity", .awsClientRuntime], + dependencies: ["AWSSDKIdentity", .smithy, .smithyIdentity, .awsClientRuntime], path: "Sources/Core/AWSSDKIdentity/Tests/AWSSDKIdentityTests", resources: [.process("Resources")] ), @@ -707,13 +711,11 @@ private func target(_ service: String) -> Target { .smithyChecksums, .smithyWaitersAPI, .awsSDKCommon, + .awsSDKIdentityAPI, .awsSDKIdentity, .awsSDKHTTPAuth, .awsSDKEventStreamsAuth, .awsSDKChecksums, - "InternalAWSSTS", - "InternalAWSSSO", - "InternalAWSSSOOIDC", ], path: "Sources/Services/\(service)/Sources/\(service)" ) diff --git a/Sources/Core/AWSClientRuntime/Sources/AWSClientRuntime/Customizations/BedrockAPIKeyInterceptor.swift b/Sources/Core/AWSClientRuntime/Sources/AWSClientRuntime/Customizations/BedrockAPIKeyInterceptor.swift index 3566ea005e8..951096e9bfa 100644 --- a/Sources/Core/AWSClientRuntime/Sources/AWSClientRuntime/Customizations/BedrockAPIKeyInterceptor.swift +++ b/Sources/Core/AWSClientRuntime/Sources/AWSClientRuntime/Customizations/BedrockAPIKeyInterceptor.swift 
@@ -6,13 +6,13 @@ // import class Foundation.ProcessInfo -import struct AWSSDKIdentity.DefaultBearerTokenIdentityResolverChain import protocol ClientRuntime.Interceptor import protocol ClientRuntime.AfterSerialization import struct Smithy.Attributes import struct Smithy.AttributeKey import class SmithyHTTPAPI.HTTPRequest import class SmithyHTTPAPI.HTTPResponse +@_spi(ClientConfigDefaultIdentityResolver) import protocol SmithyIdentityAPI.ClientConfigDefaultIdentityResolver import protocol SmithyIdentity.BearerTokenIdentityResolver import struct SmithyIdentity.BearerTokenIdentity import struct SmithyIdentity.StaticBearerTokenIdentityResolver @@ -37,10 +37,10 @@ public struct BedrockAPIKeyInterceptor: Interceptor { // If so, return immediately & use that instead of the Bedrock API token. let identityResolvers = attributes.getIdentityResolvers() ?? Attributes() let key = AttributeKey(name: "smithy.api#httpBearerAuth") - guard !identityResolvers.contains(key: key) || identityResolvers.get(key: key) is - DefaultBearerTokenIdentityResolverChain else { - return - } + let configuredResolver = identityResolvers.get(key: key) + let clientConfigDefaultIdentityResolver = configuredResolver as? any ClientConfigDefaultIdentityResolver + let configuredResolverIsDefault = clientConfigDefaultIdentityResolver?.isClientConfigDefault ?? false + guard configuredResolver == nil || configuredResolverIsDefault else { return } // Create a bearer token identity resolver with the resolved token, then // store it in the context. diff --git a/Sources/Core/AWSClientRuntime/Tests/AWSClientRuntimeTests/Customizations/BedrockAPIKeyInterceptorTests.swift b/Sources/Core/AWSClientRuntime/Tests/AWSClientRuntimeTests/Customizations/BedrockAPIKeyInterceptorTests.swift index 4f4e728e2f8..1df2c2626be 100644 --- a/Sources/Core/AWSClientRuntime/Tests/AWSClientRuntimeTests/Customizations/BedrockAPIKeyInterceptorTests.swift 
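Review bot: The new guard in the `-37,10 +37,10` hunk decides whether the environment-supplied Bedrock token replaces a configured bearer resolver by asking the resolver itself, through `isClientConfigDefault`. The old code checked for one concrete type, so only that type could be overridden. Now any resolver that conforms to `ClientConfigDefaultIdentityResolver` and reports `true` is silently replaced by whatever is in the environment variable. That is worth stating next to the guard, for example `// Only a resolver installed by the client config as its default may be overridden by the environment token; a caller-supplied resolver always wins.` A test with a conforming resolver that returns `false` would pin the case where the caller's resolver must be kept; whether one exists is not visible here. The function's body starts and ends outside the hunk.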
+++ b/Sources/Core/AWSClientRuntime/Tests/AWSClientRuntimeTests/Customizations/BedrockAPIKeyInterceptorTests.swift @@ -97,7 +97,8 @@ final class BedrockAPIKeyInterceptorTests: XCTestCase { defer { unsetenv(envVarName) } let subject = BedrockAPIKeyInterceptor() let context = Context(attributes: Attributes()) - context.addIdentityResolver(value: try DefaultBearerTokenIdentityResolverChain(), schemeID: "smithy.api#httpBearerAuth") + let resolver = DefaultBearerTokenIdentityResolverChain() + context.addIdentityResolver(value: resolver, schemeID: "smithy.api#httpBearerAuth") let interceptorContext = DefaultInterceptorContext(input: "", attributes: context) try await subject.readBeforeAttempt(context: interceptorContext) diff --git a/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/AWSMessageSigner.swift b/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/AWSMessageSigner.swift similarity index 100% rename from Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/AWSMessageSigner.swift rename to Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/AWSMessageSigner.swift diff --git a/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/AWSSigV4Signer+EventStreams.swift b/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/AWSSigV4Signer+EventStreams.swift similarity index 100% rename from Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/AWSSigV4Signer+EventStreams.swift rename to Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/AWSSigV4Signer+EventStreams.swift 
diff --git a/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/Context+AWSEventStreamsAuth.swift b/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/Context+AWSEventStreamsAuth.swift similarity index 100% rename from Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/Context+AWSEventStreamsAuth.swift rename to Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/Context+AWSEventStreamsAuth.swift diff --git a/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/Context+Signing.swift b/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/Context+Signing.swift similarity index 100% rename from Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/Context+Signing.swift rename to Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/Context+Signing.swift diff --git a/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/String+hexaData.swift b/Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/String+hexaData.swift similarity index 100% rename from Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSSDKEventStreamsAuth/String+hexaData.swift rename to Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth/String+hexaData.swift diff --git a/Sources/Core/AWSSDKForSwift/Documentation.docc/AWSSDKForSwift.md b/Sources/Core/AWSSDKForSwift/Documentation.docc/AWSSDKForSwift.md index 61434e23afc..d474dc6640d 100644 --- a/Sources/Core/AWSSDKForSwift/Documentation.docc/AWSSDKForSwift.md +++ b/Sources/Core/AWSSDKForSwift/Documentation.docc/AWSSDKForSwift.md @@ -72,6 +72,8 @@ This SDK is open-source. Code is available on Github [here](https://github.com/ [AWSSDKIdentity](../../../../../swift/api/awssdkidentity/latest) +[AWSSDKIdentityAPI](../../../../../swift/api/awssdkidentityapi/latest) + [AWSSDKPartitions](../../../../../swift/api/awssdkpartitions/latest) 
diff --git a/Sources/Core/AWSSDKHTTPAuth/Sources/AWSSDKHTTPAuth/AWSSigV4Signer.swift b/Sources/Core/AWSSDKHTTPAuth/Sources/AWSSDKHTTPAuth/AWSSigV4Signer.swift index 474616f4e28..82396acafbc 100644 --- a/Sources/Core/AWSSDKHTTPAuth/Sources/AWSSDKHTTPAuth/AWSSigV4Signer.swift +++ b/Sources/Core/AWSSDKHTTPAuth/Sources/AWSSDKHTTPAuth/AWSSigV4Signer.swift @@ -5,7 +5,7 @@ // SPDX-License-Identifier: Apache-2.0 // -import struct AWSSDKIdentity.S3ExpressIdentity +import struct AWSSDKIdentityAPI.S3ExpressIdentity import class AwsCommonRuntimeKit.HTTPRequestBase import class AwsCommonRuntimeKit.Signer import class SmithyHTTPAPI.HTTPRequest diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/SSOAWSCredentialIdentityResolver.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/SSOAWSCredentialIdentityResolver.swift index b0ab9fbdf4f..8d8170e09cb 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/SSOAWSCredentialIdentityResolver.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/SSOAWSCredentialIdentityResolver.swift @@ -58,15 +58,6 @@ public struct SSOAWSCredentialIdentityResolver: AWSCredentialIdentityResolver { } public func getIdentity(identityProperties: Attributes?) async throws -> AWSCredentialIdentity { - guard let identityProperties, let internalSSOClient = identityProperties.get( - key: InternalClientKeys.internalSSOClientKey - ) else { - throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( - "SSOAWSCredentialIdentityResolver: " - + "Missing IdentityProvidingSSOClient in identity properties." - ) - } - let fileBasedConfig = try CRTFileBasedConfiguration( configFilePath: configFilePath, credentialsFilePath: credentialsFilePath 
@@ -97,7 +88,7 @@ public struct SSOAWSCredentialIdentityResolver: AWSCredentialIdentityResolver { ) } - return try await internalSSOClient.getCredentialsWithSSOToken( + return try await IdentityProvidingSSOClient().getCredentialsWithSSOToken( region: region, accessToken: ssoToken.token, accountID: accountID, diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/STSAssumeRoleAWSCredentialIdentityResolver.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/STSAssumeRoleAWSCredentialIdentityResolver.swift index c41a7b6b211..536b5870bfb 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/STSAssumeRoleAWSCredentialIdentityResolver.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/STSAssumeRoleAWSCredentialIdentityResolver.swift @@ -48,19 +48,10 @@ public struct STSAssumeRoleAWSCredentialIdentityResolver: AWSCredentialIdentityR } public func getIdentity(identityProperties: Attributes?) async throws -> AWSCredentialIdentity { - guard let identityProperties, let internalSTSClient = identityProperties.get( - key: InternalClientKeys.internalSTSClientKey - ) else { - throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( - "STSAssumeRoleAWSCredentialIdentityResolver: " - + "Missing IdentityProvidingSTSClient in identity properties." - ) - } - let underlyingCreds = try await awsCredentialIdentityResolver.getIdentity( identityProperties: identityProperties ) - return try await internalSTSClient.assumeRoleWithCreds( + return try await IdentityProvidingSTSClient().assumeRoleWithCreds( creds: underlyingCreds, roleARN: roleARN, roleSessionName: roleSessionName, 
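Review bot: `IdentityProvidingSSOClient()` in the `-97,7 +88,7` hunk and `IdentityProvidingSTSClient()` in the STSAssumeRole hunk are now constructed inline inside `getIdentity`, so the resolvers have no seam for substituting the client. The same pattern appears in the web-identity and SSO bearer-token resolvers further down. Error paths such as missing credentials or an expired token can then only be exercised against the live service. Storing the client as an internal property with a default, `let stsClient: IdentityProvidingSTSClient = .init()` behind an internal initializer parameter, keeps the public API unchanged and restores that seam. In the SSO resolver, the removed guard was the only visible use of `identityProperties`. If the rest of the body (outside the hunk) does not read it either, a doc comment on `getIdentity` should say that the parameter is ignored.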
diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/STSWebIdentityAWSCredentialIdentityResolver.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/STSWebIdentityAWSCredentialIdentityResolver.swift index c57c6fba097..f43867f0e91 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/STSWebIdentityAWSCredentialIdentityResolver.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/AWSCredentialIdentityResolvers/STSWebIdentityAWSCredentialIdentityResolver.swift 
@@ -96,22 +96,15 @@ public actor STSWebIdentityAWSCredentialIdentityResolver: AWSCredentialIdentityR } public func getIdentity(identityProperties: Attributes?) async throws -> AWSCredentialIdentity { - guard let identityProperties, let internalSTSClient = identityProperties.get( - key: InternalClientKeys.internalSTSClientKey - ) else { - throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( - "STSWebIdentityAWSCredentialIdentityResolver: " - + "Missing IdentityProvidingSTSClient in identity properties." - ) - } let (region, roleARN, tokenFilePath, roleSessionName) = try resolveConfiguration() var token = try readToken(from: tokenFilePath) let tokenFeatureIDs = resolveTokenFeatureID() + let stsClient = IdentityProvidingSTSClient() var backoff = 0.1 for _ in 0.. SmithyIdentity.BearerTokenIdentity { - guard let identityProperties, let internalSSOOIDCClient = identityProperties.get( - key: InternalClientKeys.internalSSOOIDCClientKey - ) else { - throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( - "SSOBearerTokenIdentityResolver: " - + "Missing IdentityProvidingSSOOIDCClient in identity properties." - ) - } - let fileBasedConfig = try CRTFileBasedConfiguration(configFilePath: configFilePath) let resolvedSSOToken = try await resolveSSOAccessToken( fileBasedConfig: fileBasedConfig, - ssoOIDCClient: internalSSOOIDCClient + ssoOIDCClient: IdentityProvidingSSOOIDCClient() ) return BearerTokenIdentity(token: resolvedSSOToken) } diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingSSOClient.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingSSOClient.swift new file mode 100644 index 00000000000..46c6d002487 --- /dev/null +++ b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingSSOClient.swift 
@@ -0,0 +1,61 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +import Foundation +import InternalAWSSSO +import struct Smithy.Attributes + +struct IdentityProvidingSSOClient { + + func getCredentialsWithSSOToken( + region: String, + accessToken: String, + accountID: String, + roleName: String, + credentialFeatureIDs: [String] + ) async throws -> AWSCredentialIdentity { + let ssoConfig = try await SSOClient.SSOClientConfiguration(region: region) + ssoConfig.addInterceptorProvider(CredentialFeatureIDInterceptorProvider(featureIDsToAdd: credentialFeatureIDs)) + let sso = SSOClient(config: ssoConfig) + let input = GetRoleCredentialsInput(accessToken: accessToken, accountId: accountID, roleName: roleName) + let out = try await sso.getRoleCredentials(input: input) + guard let accessKey = out.roleCredentials?.accessKeyId, let secretKey = out.roleCredentials?.secretAccessKey + else { + throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( + "SSOAWSCredentialIdentityResolver: Failed to retrieve temporary credentials using SSO token." + ) + } + var expiration: Foundation.Date? 
+ if let expiresIn = out.roleCredentials?.expiration { + expiration = Foundation.Date().addingTimeInterval(Foundation.TimeInterval(expiresIn)) + } + var properties = Smithy.Attributes() + if credentialFeatureIDs.last == CredentialFeatureID.CREDENTIALS_PROFILE_SSO_LEGACY.rawValue { + properties.set( + key: AWSIdentityPropertyKeys.credentialFeatureIDs, + value: credentialFeatureIDs + [CredentialFeatureID.CREDENTIALS_SSO_LEGACY.rawValue] + ) + } else if credentialFeatureIDs.last == CredentialFeatureID.CREDENTIALS_PROFILE_SSO.rawValue { + properties.set( + key: AWSIdentityPropertyKeys.credentialFeatureIDs, + value: credentialFeatureIDs + [CredentialFeatureID.CREDENTIALS_SSO.rawValue] + ) + } else { + throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( + "SSOAWSCredentialIdentityResolver: Invalid last feature ID found. This should never happen." + ) + } + return AWSCredentialIdentity( + accessKey: accessKey, + secret: secretKey, + accountID: accountID, + expiration: expiration, + sessionToken: out.roleCredentials?.sessionToken, + properties: properties + ) + } +} diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingSSOOIDCClient.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingSSOOIDCClient.swift new file mode 100644 index 00000000000..19687044d31 --- /dev/null +++ b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingSSOOIDCClient.swift 
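Review bot: Near the end of `getCredentialsWithSSOToken`, `out.roleCredentials?.expiration` is added to the current time as though it were a duration: `Foundation.Date().addingTimeInterval(Foundation.TimeInterval(expiresIn))`. The SSO GetRoleCredentials API describes that field as an absolute expiry in epoch milliseconds, which is worth confirming against the generated model. If that holds, the computed date lands far in the future, and anything that trusts `expiration` for caching or refresh would keep using the credentials after the service has expired them. The conversion would then be `expiration = Foundation.Date(timeIntervalSince1970: Foundation.TimeInterval(expiresIn) / 1000)`. Separately, the feature-ID check that throws "Invalid last feature ID found" depends only on the input array but runs after the network call, so it could move to the top of the function.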
@@ -0,0 +1,37 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +import Foundation +import InternalAWSSSOOIDC +import struct SmithyIdentity.BearerTokenIdentity + +struct IdentityProvidingSSOOIDCClient { + + func createToken( + region: String, + clientID: String, + clientSecret: String, + refreshToken: String, + credentialFeatureIDs: [String] + ) async throws -> (refreshToken: String?, BearerTokenIdentity) { + let ssoOIDCConfig = try await SSOOIDCClient.SSOOIDCClientConfiguration(region: region) + ssoOIDCConfig.addInterceptorProvider( + CredentialFeatureIDInterceptorProvider(featureIDsToAdd: credentialFeatureIDs) + ) + let ssoOIDC = SSOOIDCClient(config: ssoOIDCConfig) + let input = CreateTokenInput( + clientId: clientID, + clientSecret: clientSecret, + grantType: "refresh_token", + refreshToken: refreshToken + ) + let out = try await ssoOIDC.createToken(input: input) + let expiration = Foundation.Date().addingTimeInterval(Foundation.TimeInterval(out.expiresIn)) + let token = BearerTokenIdentity(token: out.accessToken ?? "", expiration: expiration) + return (out.refreshToken, token) + } +} diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingSTSClient.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingSTSClient.swift new file mode 100644 index 00000000000..051739cfe8b --- /dev/null +++ b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityClientProvider/IdentityProvidingSTSClient.swift 
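Review bot: `BearerTokenIdentity(token: out.accessToken ?? "", expiration: expiration)` in `createToken` turns a response with no access token into an identity carrying an empty bearer token and a valid-looking expiration. Callers cannot tell this apart from success, so the failure would surface later as a rejected request rather than at resolution time. Throwing instead makes it visible: `guard let accessToken = out.accessToken, !accessToken.isEmpty else { throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials("SSOBearerTokenIdentityResolver: CreateToken returned no access token.") }` (message text is a suggestion), then pass `accessToken` to the initializer. `clientSecret` and `refreshToken` should stay out of any error text added here.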
@@ -0,0 +1,109 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +import Foundation +import InternalAWSSTS +import struct Smithy.Attributes +import struct SmithyIdentity.StaticAWSCredentialIdentityResolver + +struct IdentityProvidingSTSClient: Swift.Sendable { + + func assumeRoleWithCreds( + creds: AWSCredentialIdentity, + roleARN: String, + roleSessionName: String, + durationSeconds: Foundation.TimeInterval, + credentialFeatureIDs: [String] + ) async throws -> AWSCredentialIdentity { + let stsConfig = try await STSClient.STSClientConfiguration() + stsConfig.awsCredentialIdentityResolver = StaticAWSCredentialIdentityResolver(creds) + let sts = STSClient(config: stsConfig) + let out = try await sts.assumeRole( + input: AssumeRoleInput( + durationSeconds: Int(durationSeconds), + roleArn: roleARN, + roleSessionName: roleSessionName + ) + ) + guard let creds = out.credentials, let accessKey = creds.accessKeyId, let secretKey = creds.secretAccessKey + else { + throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( + "STSAssumeRoleAWSCredentialIdentityResolver:Failed to retrieve credentials from STS with assume role." 
+ ) + } + var properties = Smithy.Attributes() + if credentialFeatureIDs.last == CredentialFeatureID.CREDENTIALS_STS_ASSUME_ROLE.rawValue { + properties.set( + key: AWSIdentityPropertyKeys.credentialFeatureIDs, + value: credentialFeatureIDs + ) + } else { + properties.set( + key: AWSIdentityPropertyKeys.credentialFeatureIDs, + value: credentialFeatureIDs + [CredentialFeatureID.CREDENTIALS_STS_ASSUME_ROLE.rawValue] + ) + } + return AWSCredentialIdentity( + accessKey: accessKey, + secret: secretKey, + expiration: creds.expiration, + sessionToken: creds.sessionToken, + properties: properties + ) + } + + func getCredentialsWithWebIdentity( + region: String, + roleARN: String, + roleSessionName: String, + webIdentityToken: String, + credentialFeatureIDs: [String] + ) async throws -> AWSCredentialIdentity { + let stsConfig = try await STSClient.STSClientConfiguration(region: region) + stsConfig.addInterceptorProvider(CredentialFeatureIDInterceptorProvider(featureIDsToAdd: credentialFeatureIDs)) + let sts = STSClient(config: stsConfig) + var out: AssumeRoleWithWebIdentityOutput + do { + out = try await sts.assumeRoleWithWebIdentity(input: AssumeRoleWithWebIdentityInput( + roleArn: roleARN, roleSessionName: roleSessionName, webIdentityToken: webIdentityToken + )) + } catch is ExpiredTokenException { + throw IdentityProvidingSTSClientError.expiredTokenException + } catch is IDPCommunicationErrorException { + throw IdentityProvidingSTSClientError.idpCommunicationErrorException + } catch { + throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( + "STSWebIdentityAWSCredentialIdentityResolver: " + + "Failed to retrieve credentials from STS with web identity token." 
+ ) + } + guard let creds = out.credentials, let access = creds.accessKeyId, let secret = creds.secretAccessKey else { + throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( + "STSWebIdentityAWSCredentialIdentityResolver: " + + "Failed to retrieve credentials from STS with web identity token." + ) + } + var properties = Attributes() + properties.set( + key: AWSIdentityPropertyKeys.credentialFeatureIDs, + value: credentialFeatureIDs + [CredentialFeatureID.CREDENTIALS_STS_ASSUME_ROLE_WEB_ID.rawValue] + ) + return AWSCredentialIdentity( + accessKey: access, + secret: secret, + expiration: creds.expiration, + sessionToken: creds.sessionToken, + properties: properties + ) + } +} + +// This enum wraps STS model's errors so that STSWebIdentity creds resolver doesn't need the actual error types. +public enum IdentityProvidingSTSClientError: Error { + case expiredTokenException + case idpCommunicationErrorException +} diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/IdentityProvidingSSOClient.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/IdentityProvidingSSOClient.swift deleted file mode 100644 index 0cf691c9807..00000000000 --- a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/IdentityProvidingSSOClient.swift +++ /dev/null @@ -1,16 +0,0 @@ -// -// Copyright Amazon.com Inc. or its affiliates. -// All Rights Reserved. -// -// SPDX-License-Identifier: Apache-2.0 -// - -public protocol IdentityProvidingSSOClient: Sendable { - func getCredentialsWithSSOToken( - region: String, - accessToken: String, - accountID: String, - roleName: String, - credentialFeatureIDs: [String] - ) async throws -> AWSCredentialIdentity -} 
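Review bot: The final `catch` in `getCredentialsWithWebIdentity` replaces every remaining failure with one fixed message and drops the underlying error. An access-denied response, an invalid token and a transport failure then look the same to whoever investigates a credential problem. Interpolating only the error's type keeps token material out of the text while preserving the distinction, for example appending `+ " Underlying error: \(type(of: error))"` to the message. In `assumeRoleWithCreds`, `Int(durationSeconds)` traps on a non-finite `TimeInterval`; a `guard durationSeconds.isFinite` before the call would turn that into a thrown error. As style points, `var out` is never mutated and can be `let`, and the assume-role error string lacks a space after the colon in `"STSAssumeRoleAWSCredentialIdentityResolver:Failed"`.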
diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/IdentityProvidingSSOOIDCClient.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/IdentityProvidingSSOOIDCClient.swift deleted file mode 100644 index f4652179383..00000000000 --- a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/IdentityProvidingSSOOIDCClient.swift +++ /dev/null @@ -1,18 +0,0 @@ -// -// Copyright Amazon.com Inc. or its affiliates. -// All Rights Reserved. -// -// SPDX-License-Identifier: Apache-2.0 -// - -import struct SmithyIdentity.BearerTokenIdentity - -public protocol IdentityProvidingSSOOIDCClient: Sendable { - func createToken( - region: String, - clientID: String, - clientSecret: String, - refreshToken: String, - credentialFeatureIDs: [String] - ) async throws -> (refreshToken: String?, BearerTokenIdentity) -} diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/IdentityProvidingSTSClient.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/IdentityProvidingSTSClient.swift deleted file mode 100644 index 9ab538f4910..00000000000 --- a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/IdentityProvidingSTSClient.swift +++ /dev/null 
@@ -1,35 +0,0 @@ -// -// Copyright Amazon.com Inc. or its affiliates. -// All Rights Reserved. -// -// SPDX-License-Identifier: Apache-2.0 -// - -import struct Foundation.TimeInterval - -/// Protocol that allows InternalAWSSTSClient to be used by the STSWebIdentityAWSCredentialIdentityResolver without a direct dependency on it. -/// -/// The `IdentityProvidingSTSClient` type that conforms to this protocol is code-generated along with the Internal STS client. -public protocol IdentityProvidingSTSClient: Sendable { - func getCredentialsWithWebIdentity( - region: String, - roleARN: String, - roleSessionName: String, - webIdentityToken: String, - credentialFeatureIDs: [String] - ) async throws -> AWSCredentialIdentity - - func assumeRoleWithCreds( - creds: AWSCredentialIdentity, - roleARN: String, - roleSessionName: String, - durationSeconds: TimeInterval, - credentialFeatureIDs: [String] - ) async throws -> AWSCredentialIdentity -} - -// This enum wraps STS model's errors so that STSWebIdentity creds resolver doesn't need the actual error types. -public enum IdentityProvidingSTSClientError: Error { - case expiredTokenException - case idpCommunicationErrorException -} diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/InternalClientKeys.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/InternalClientKeys.swift deleted file mode 100644 index 2ebc75700cd..00000000000 --- a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/IdentityProvidingClients/InternalClientKeys.swift +++ /dev/null 
@@ -1,23 +0,0 @@ -// -// Copyright Amazon.com Inc. or its affiliates. -// All Rights Reserved. -// -// SPDX-License-Identifier: Apache-2.0 -// - -import struct Smithy.AttributeKey - -public enum InternalClientKeys { - /// The STS client to be used in credential resolution. - public static let internalSTSClientKey = AttributeKey( - name: "IdentityProvidingSTSClient" - ) - /// The SSO client to be used in credential resolution. - public static let internalSSOClientKey = AttributeKey( - name: "IdentityProvidingSSOClient" - ) - /// The SSO OIDC client to be used in credential resolution. - public static let internalSSOOIDCClientKey = AttributeKey( - name: "IdentityProvidingSSOOIDCClient" - ) -} diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/S3Express/S3ExpressIdentity.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/S3Express/S3ExpressIdentity.swift index fce426d050a..d3bf77552e8 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/S3Express/S3ExpressIdentity.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/S3Express/S3ExpressIdentity.swift 
@@ -5,28 +5,11 @@ // SPDX-License-Identifier: Apache-2.0 // -import protocol SmithyIdentityAPI.Identity -import struct Foundation.Date -import struct Smithy.Attributes +import struct AWSSDKIdentityAPI.S3ExpressIdentity -public struct S3ExpressIdentity: Identity { - public var accessKeyID: String - public var secretAccessKey: String - public var sessionToken: String - public var expiration: Date? - public let properties: Attributes - - public init( - accessKeyID: String, - secretAccessKey: String, - sessionToken: String, - expiration: Date?, - properties: Attributes = Attributes() - ) { - self.accessKeyID = accessKeyID - self.secretAccessKey = secretAccessKey - self.sessionToken = sessionToken - self.expiration = expiration - self.properties = properties - } -} +// This type was moved from this module to AWSSDKIdentityAPI in order to separate this +// struct from the concrete credential resolver implementations in this module. +// +// This typealias makes the type available in its original location to prevent breaking +// customers who expect it to be here. +public typealias S3ExpressIdentity = AWSSDKIdentityAPI.S3ExpressIdentity diff --git a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/S3Express/S3ExpressIdentityResolver.swift b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/S3Express/S3ExpressIdentityResolver.swift index 492fe02e6f4..fec8b60962f 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/S3Express/S3ExpressIdentityResolver.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity/S3Express/S3ExpressIdentityResolver.swift 
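Review bot: The rationale above `public typealias S3ExpressIdentity` uses plain `//` comments, so it will not appear in Quick Help or generated documentation for this public symbol. Since the alias exists only for source compatibility, I would open it with a doc comment such as `/// Compatibility alias; the type is now declared in AWSSDKIdentityAPI.` and keep the longer explanation beneath it. The same applies to the `S3ExpressIdentityResolver` alias in the next file, where the comment also calls the aliased declaration a "type" although it is a protocol.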
@@ -5,7 +5,11 @@ // SPDX-License-Identifier: Apache-2.0 // -import struct Smithy.Attributes -import protocol SmithyIdentityAPI.IdentityResolver +import protocol AWSSDKIdentityAPI.S3ExpressIdentityResolver -public protocol S3ExpressIdentityResolver: IdentityResolver where IdentityT == S3ExpressIdentity {} +// This type was moved from this module to AWSSDKIdentityAPI in order to separate this +// protocol from the concrete credential resolver implementations in this module. +// +// This typealias makes the type available in its original location to prevent breaking +// customers who expect it to be here. +public typealias S3ExpressIdentityResolver = AWSSDKIdentityAPI.S3ExpressIdentityResolver diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/AuthSchemeResolver.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/AuthSchemeResolver.swift index 4be15ebc43a..9156446441c 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/AuthSchemeResolver.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/AuthSchemeResolver.swift 
@@ -14,20 +14,20 @@ import protocol SmithyHTTPAuthAPI.AuthSchemeResolver import protocol SmithyHTTPAuthAPI.AuthSchemeResolverParameters import struct SmithyHTTPAuthAPI.AuthOption -internal struct SSOAuthSchemeResolverParameters: SmithyHTTPAuthAPI.AuthSchemeResolverParameters { +package struct SSOAuthSchemeResolverParameters: SmithyHTTPAuthAPI.AuthSchemeResolverParameters { public let authSchemePreference: [String]? public let operation: Swift.String // Region is used for SigV4 auth scheme public let region: Swift.String? } -internal protocol SSOAuthSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver { +package protocol SSOAuthSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver { // Intentionally empty. // This is the parent protocol that all auth scheme resolver implementations of // the service SSO must conform to. } -internal struct DefaultSSOAuthSchemeResolver: SSOAuthSchemeResolver { +package struct DefaultSSOAuthSchemeResolver: SSOAuthSchemeResolver { public func resolveAuthScheme(params: SmithyHTTPAuthAPI.AuthSchemeResolverParameters) throws -> [SmithyHTTPAuthAPI.AuthOption] { var validAuthOptions = [SmithyHTTPAuthAPI.AuthOption]() diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Endpoints.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Endpoints.swift index 33f632d9667..ad821266a60 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Endpoints.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Endpoints.swift @@ -14,7 +14,7 @@ import struct ClientRuntime.DefaultEndpointResolver import struct ClientRuntime.StaticEndpointResolver import struct SmithyHTTPAPI.Endpoint -internal struct EndpointParams: Sendable { +package struct EndpointParams: Sendable { /// Override the endpoint used to send this request public let endpoint: Swift.String? /// The AWS region used to dispatch the request. 
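Review bot: Widening `EndpointParams` and `EndpointResolver` from `internal` to `package` in the Endpoints.swift hunk exposes them to every target in the package, and InternalAWSSSOOIDC/Endpoints.swift declares the same two names at the same level later in this diff. A file that imports both modules wholesale would then hit an ambiguous-type error on an unqualified `EndpointParams`; `InvalidRequestException` in the two Models.swift files overlaps in the same way. Consumers should use scoped imports such as `import struct InternalAWSSSO.GetRoleCredentialsInput` or module-qualified names, and types that no other target needs could stay `internal`. How the consuming target imports these modules is not shown here, so this is something to confirm rather than a confirmed break.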
@@ -52,7 +52,7 @@ extension EndpointParams: ClientRuntime.EndpointsRequestContextProviding { } } -internal protocol EndpointResolver { +package protocol EndpointResolver { func resolve(params: EndpointParams) throws -> SmithyHTTPAPI.Endpoint } diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/IdentityProvidingSSOClient.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/IdentityProvidingSSOClient.swift deleted file mode 100644 index a9ef1eba224..00000000000 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/IdentityProvidingSSOClient.swift +++ /dev/null 
@@ -1,45 +0,0 @@ -// -// Copyright Amazon.com Inc. or its affiliates. -// All Rights Reserved. -// -// SPDX-License-Identifier: Apache-2.0 -// - -// Code generated by smithy-swift-codegen. DO NOT EDIT! - -import Foundation -import class AWSSDKIdentity.CredentialFeatureIDInterceptorProvider -import enum AWSSDKIdentity.AWSCredentialIdentityResolverError -import enum AWSSDKIdentity.AWSIdentityPropertyKeys -import enum AWSSDKIdentity.CredentialFeatureID -import protocol AWSSDKIdentity.IdentityProvidingSSOClient -import struct AWSSDKIdentity.AWSCredentialIdentity -import struct Smithy.Attributes - -package struct IdentityProvidingSSOClient: AWSSDKIdentity.IdentityProvidingSSOClient { - package init() {} - - package func getCredentialsWithSSOToken(region: String, accessToken: String, accountID: String, roleName: String, credentialFeatureIDs: [String]) async throws -> AWSSDKIdentity.AWSCredentialIdentity { - let ssoConfig = try await SSOClient.SSOClientConfiguration(region: region) - ssoConfig.addInterceptorProvider(AWSSDKIdentity.CredentialFeatureIDInterceptorProvider(featureIDsToAdd: credentialFeatureIDs)) - let sso = SSOClient(config: ssoConfig) - let input = GetRoleCredentialsInput(accessToken: accessToken, accountId: accountID, roleName: roleName) - let out = try await sso.getRoleCredentials(input: input) - guard let accessKey = out.roleCredentials?.accessKeyId, let secretKey = out.roleCredentials?.secretAccessKey else { - throw AWSSDKIdentity.AWSCredentialIdentityResolverError.failedToResolveAWSCredentials("SSOAWSCredentialIdentityResolver: Failed to retrieve temporary credentials using SSO token.") - } - var expiration: Foundation.Date? 
= nil - if let expiresIn = out.roleCredentials?.expiration { - expiration = Foundation.Date().addingTimeInterval(Foundation.TimeInterval(expiresIn)) - } - var properties = Smithy.Attributes() - if credentialFeatureIDs.last == AWSSDKIdentity.CredentialFeatureID.CREDENTIALS_PROFILE_SSO_LEGACY.rawValue { - properties.set(key: AWSSDKIdentity.AWSIdentityPropertyKeys.credentialFeatureIDs, value: credentialFeatureIDs + [AWSSDKIdentity.CredentialFeatureID.CREDENTIALS_SSO_LEGACY.rawValue]) - } else if credentialFeatureIDs.last == AWSSDKIdentity.CredentialFeatureID.CREDENTIALS_PROFILE_SSO.rawValue { - properties.set(key: AWSSDKIdentity.AWSIdentityPropertyKeys.credentialFeatureIDs, value: credentialFeatureIDs + [AWSSDKIdentity.CredentialFeatureID.CREDENTIALS_SSO.rawValue]) - } else { - throw AWSSDKIdentity.AWSCredentialIdentityResolverError.failedToResolveAWSCredentials("SSOAWSCredentialIdentityResolver: Invalid last feature ID found. This should never happen.") - } - return AWSSDKIdentity.AWSCredentialIdentity(accessKey: accessKey, secret: secretKey, accountID: accountID, expiration: expiration, sessionToken: out.roleCredentials?.sessionToken, properties: properties) - } -} diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Models.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Models.swift index 04cceb7a28f..04eb5abfe32 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Models.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Models.swift 
@@ -24,9 +24,9 @@ import struct SmithyHTTPAPI.Header import struct SmithyHTTPAPI.Headers /// Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range. -internal struct InvalidRequestException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct InvalidRequestException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } @@ -47,9 +47,9 @@ internal struct InvalidRequestException: ClientRuntime.ModeledError, AWSClientRu } /// The specified resource doesn't exist. -internal struct ResourceNotFoundException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct ResourceNotFoundException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } @@ -70,9 +70,9 @@ internal struct ResourceNotFoundException: ClientRuntime.ModeledError, AWSClient } /// Indicates that the request is being made too frequently and is more than what the server can handle. -internal struct TooManyRequestsException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct TooManyRequestsException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } 
@@ -93,9 +93,9 @@ internal struct TooManyRequestsException: ClientRuntime.ModeledError, AWSClientR } /// Indicates that the request is not authorized. This can happen due to an invalid access token in the request. -internal struct UnauthorizedException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct UnauthorizedException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } @@ -115,7 +115,7 @@ internal struct UnauthorizedException: ClientRuntime.ModeledError, AWSClientRunt } } -internal struct GetRoleCredentialsInput: Swift.Sendable { +package struct GetRoleCredentialsInput: Swift.Sendable { /// The token issued by the CreateToken API call. For more information, see [CreateToken](https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateToken.html) in the IAM Identity Center OIDC API Reference Guide. /// This member is required. public var accessToken: Swift.String? @@ -145,7 +145,7 @@ extension GetRoleCredentialsInput: Swift.CustomDebugStringConvertible { extension SSOClientTypes { /// Provides information about the role credentials that are assigned to the user. - internal struct RoleCredentials: Swift.Sendable { + package struct RoleCredentials: Swift.Sendable { /// The identifier used for the temporary security credentials. For more information, see [Using Temporary Security Credentials to Request Access to AWS Resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html) in the AWS IAM User Guide. public var accessKeyId: Swift.String? /// The date on which temporary security credentials expire. 
@@ -174,7 +174,7 @@ extension SSOClientTypes.RoleCredentials: Swift.CustomDebugStringConvertible { "RoleCredentials(accessKeyId: \(Swift.String(describing: accessKeyId)), expiration: \(Swift.String(describing: expiration)), secretAccessKey: \"CONTENT_REDACTED\", sessionToken: \"CONTENT_REDACTED\")"} } -internal struct GetRoleCredentialsOutput: Swift.Sendable { +package struct GetRoleCredentialsOutput: Swift.Sendable { /// The credentials for the role that is assigned to the user. public var roleCredentials: SSOClientTypes.RoleCredentials? @@ -317,4 +317,4 @@ extension SSOClientTypes.RoleCredentials { } } -internal enum SSOClientTypes {} +package enum SSOClientTypes {} diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Plugins.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Plugins.swift index f93a5254a03..f4b2e1c2c3d 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Plugins.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/Plugins.swift 
@@ -7,18 +7,17 @@ // Code generated by smithy-swift-codegen. DO NOT EDIT! -import class AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain import protocol ClientRuntime.ClientConfiguration import protocol ClientRuntime.Plugin import protocol SmithyHTTPAuthAPI.AuthSchemeResolver -import protocol SmithyIdentity.AWSCredentialIdentityResolver +@_spi(AWSCredentialIdentityResolver) import protocol SmithyIdentity.AWSCredentialIdentityResolver import protocol SmithyIdentity.BearerTokenIdentityResolver import struct AWSSDKHTTPAuth.SigV4AuthScheme -import struct SmithyIdentity.BearerTokenIdentity -import struct SmithyIdentity.StaticBearerTokenIdentityResolver +@_spi(StaticAWSCredentialIdentityResolver) import struct SmithyIdentity.StaticAWSCredentialIdentityResolver +@_spi(StaticBearerTokenIdentityResolver) import struct SmithyIdentity.StaticBearerTokenIdentityResolver import typealias SmithyHTTPAuthAPI.AuthSchemes -internal class SSOClientEndpointPlugin: Plugin { +package class SSOClientEndpointPlugin: Plugin { private var endpointResolver: EndpointResolver public init(endpointResolver: EndpointResolver) { @@ -36,7 +35,7 @@ internal class SSOClientEndpointPlugin: Plugin { } } -internal class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { +package class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { public init() {} 
@@ -44,13 +43,13 @@ internal class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { if let config = clientConfiguration as? SSOClient.SSOClientConfiguration { config.authSchemeResolver = DefaultSSOAuthSchemeResolver() config.authSchemes = [AWSSDKHTTPAuth.SigV4AuthScheme()] - config.awsCredentialIdentityResolver = AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain() - config.bearerTokenIdentityResolver = SmithyIdentity.StaticBearerTokenIdentityResolver(token: SmithyIdentity.BearerTokenIdentity(token: "")) + config.awsCredentialIdentityResolver = SmithyIdentity.StaticAWSCredentialIdentityResolver() + config.bearerTokenIdentityResolver = SmithyIdentity.StaticBearerTokenIdentityResolver() } } } -internal class SSOClientAuthSchemePlugin: ClientRuntime.Plugin { +package class SSOClientAuthSchemePlugin: ClientRuntime.Plugin { private var authSchemes: SmithyHTTPAuthAPI.AuthSchemes? private var authSchemePreference: [String] private var authSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver? diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/SSOClient.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/SSOClient.swift index 8eefc347dcb..cc332752149 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/SSOClient.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSO/SSOClient.swift @@ -10,7 +10,6 @@ import class AWSClientRuntime.AWSClientConfigDefaultsProvider import class AWSClientRuntime.AmzSdkRequestMiddleware import class AWSClientRuntime.DefaultAWSClientPlugin -import class AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain import class ClientRuntime.ClientBuilder import class ClientRuntime.DefaultClientPlugin import class ClientRuntime.HttpClientConfiguration 
@@ -39,7 +38,7 @@ import protocol ClientRuntime.TelemetryProvider import protocol Smithy.LogAgent import protocol SmithyHTTPAPI.HTTPClient import protocol SmithyHTTPAuthAPI.AuthSchemeResolver -import protocol SmithyIdentity.AWSCredentialIdentityResolver +@_spi(AWSCredentialIdentityResolver) import protocol SmithyIdentity.AWSCredentialIdentityResolver import protocol SmithyIdentity.BearerTokenIdentityResolver @_spi(AWSEndpointResolverMiddleware) import struct AWSClientRuntime.AWSEndpointResolverMiddleware import struct AWSClientRuntime.AmzSdkInvocationIdMiddleware @@ -55,12 +54,13 @@ import struct ClientRuntime.URLHostMiddleware import struct ClientRuntime.URLPathMiddleware import struct Smithy.Attributes import struct SmithyIdentity.BearerTokenIdentity -import struct SmithyIdentity.StaticBearerTokenIdentityResolver +@_spi(StaticAWSCredentialIdentityResolver) import struct SmithyIdentity.StaticAWSCredentialIdentityResolver +@_spi(StaticBearerTokenIdentityResolver) import struct SmithyIdentity.StaticBearerTokenIdentityResolver import struct SmithyRetries.DefaultRetryStrategy import struct SmithyRetriesAPI.RetryStrategyOptions import typealias SmithyHTTPAuthAPI.AuthSchemes -internal class SSOClient: ClientRuntime.Client { +package class SSOClient: ClientRuntime.Client { public static let clientName = "SSOClient" public static let version = "1.5.13" let client: ClientRuntime.SdkHttpClient @@ -199,7 +199,7 @@ extension SSOClient { useFIPS, useDualStack, try appID ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), - awsCredentialIdentityResolver ?? AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain(), + awsCredentialIdentityResolver ?? SmithyIdentity.StaticAWSCredentialIdentityResolver(), try awsRetryMode ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), maxAttempts, try requestChecksumCalculation ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.requestChecksumCalculation(requestChecksumCalculation), 
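Review bot: The fallback `awsCredentialIdentityResolver ?? SmithyIdentity.StaticAWSCredentialIdentityResolver()` in the `@@ -199,7 +199,7 @@` hunk is built with no arguments, so a caller that omits the resolver now gets whatever fixed identity that SPI initialiser returns instead of the default chain; its contents are not visible in this diff. If it is a placeholder, a SigV4-signed call on this client would be rejected by the service instead of failing at configuration time, which is harder to diagnose. I would add a comment at the fallback, `// Placeholder identity only; callers must pass awsCredentialIdentityResolver for signed operations.`, and confirm that no caller relied on the old default. The same substitution appears in the `@@ -255,7 +255,7 @@` and `@@ -315,7 +315,7 @@` hunks of this file and in `DefaultAWSAuthSchemePlugin` in Plugins.swift; if these files are generator output, the comment belongs in the generator template. The enclosing initialisers start and end outside the hunk.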
@@ -255,7 +255,7 @@ extension SSOClient { useFIPS, useDualStack, try appID ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), - awsCredentialIdentityResolver ?? AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain(), + awsCredentialIdentityResolver ?? SmithyIdentity.StaticAWSCredentialIdentityResolver(), try awsRetryMode ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), maxAttempts, try requestChecksumCalculation ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.requestChecksumCalculation(requestChecksumCalculation), @@ -315,7 +315,7 @@ extension SSOClient { nil, nil, try AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), - AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain(), + SmithyIdentity.StaticAWSCredentialIdentityResolver(), try AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), nil, try AWSClientConfigDefaultsProvider.requestChecksumCalculation(), diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/AuthSchemeResolver.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/AuthSchemeResolver.swift index 93d2d8fb8c5..cc7ceeb450a 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/AuthSchemeResolver.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/AuthSchemeResolver.swift 
@@ -14,20 +14,20 @@ import protocol SmithyHTTPAuthAPI.AuthSchemeResolver import protocol SmithyHTTPAuthAPI.AuthSchemeResolverParameters import struct SmithyHTTPAuthAPI.AuthOption -internal struct SSOOIDCAuthSchemeResolverParameters: SmithyHTTPAuthAPI.AuthSchemeResolverParameters { +package struct SSOOIDCAuthSchemeResolverParameters: SmithyHTTPAuthAPI.AuthSchemeResolverParameters { public let authSchemePreference: [String]? public let operation: Swift.String // Region is used for SigV4 auth scheme public let region: Swift.String? } -internal protocol SSOOIDCAuthSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver { +package protocol SSOOIDCAuthSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver { // Intentionally empty. // This is the parent protocol that all auth scheme resolver implementations of // the service SSOOIDC must conform to. } -internal struct DefaultSSOOIDCAuthSchemeResolver: SSOOIDCAuthSchemeResolver { +package struct DefaultSSOOIDCAuthSchemeResolver: SSOOIDCAuthSchemeResolver { public func resolveAuthScheme(params: SmithyHTTPAuthAPI.AuthSchemeResolverParameters) throws -> [SmithyHTTPAuthAPI.AuthOption] { var validAuthOptions = [SmithyHTTPAuthAPI.AuthOption]() diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Endpoints.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Endpoints.swift index d0e475e1793..ffea6f8cbda 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Endpoints.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Endpoints.swift @@ -14,7 +14,7 @@ import struct ClientRuntime.DefaultEndpointResolver import struct ClientRuntime.StaticEndpointResolver import struct SmithyHTTPAPI.Endpoint -internal struct EndpointParams: Sendable { +package struct EndpointParams: Sendable { /// Override the endpoint used to send this request public let endpoint: Swift.String? /// The AWS region used to dispatch the request. 
@@ -52,7 +52,7 @@ extension EndpointParams: ClientRuntime.EndpointsRequestContextProviding { } } -internal protocol EndpointResolver { +package protocol EndpointResolver { func resolve(params: EndpointParams) throws -> SmithyHTTPAPI.Endpoint } diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/IdentityProvidingSSOOIDCClient.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/IdentityProvidingSSOOIDCClient.swift deleted file mode 100644 index c35bd76f1ba..00000000000 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/IdentityProvidingSSOOIDCClient.swift +++ /dev/null 
@@ -1,28 +0,0 @@ -// -// Copyright Amazon.com Inc. or its affiliates. -// All Rights Reserved. -// -// SPDX-License-Identifier: Apache-2.0 -// - -// Code generated by smithy-swift-codegen. DO NOT EDIT! - -import Foundation -import class AWSSDKIdentity.CredentialFeatureIDInterceptorProvider -import protocol AWSSDKIdentity.IdentityProvidingSSOOIDCClient -import struct SmithyIdentity.BearerTokenIdentity - -package struct IdentityProvidingSSOOIDCClient: AWSSDKIdentity.IdentityProvidingSSOOIDCClient { - package init() {} - - package func createToken(region: String, clientID: String, clientSecret: String, refreshToken: String, credentialFeatureIDs: [String]) async throws -> (refreshToken: String?, SmithyIdentity.BearerTokenIdentity) { - let ssoOIDCConfig = try await SSOOIDCClient.SSOOIDCClientConfiguration(region: region) - ssoOIDCConfig.addInterceptorProvider(AWSSDKIdentity.CredentialFeatureIDInterceptorProvider(featureIDsToAdd: credentialFeatureIDs)) - let ssoOIDC = SSOOIDCClient(config: ssoOIDCConfig) - let input = CreateTokenInput(clientId: clientID, clientSecret: clientSecret, grantType: "refresh_token", refreshToken: refreshToken) - let out = try await ssoOIDC.createToken(input: input) - let expiration = Foundation.Date().addingTimeInterval(Foundation.TimeInterval(out.expiresIn)) - let token = BearerTokenIdentity(token: out.accessToken ?? "", expiration: expiration) - return (out.refreshToken, token) - } -} diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Models.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Models.swift index 121153c5f02..9a38a3ec268 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Models.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Models.swift 
@@ -22,9 +22,9 @@ import protocol ClientRuntime.ModeledError @_spi(UnknownAWSHTTPServiceError) import struct AWSClientRuntime.UnknownAWSHTTPServiceError /// You do not have sufficient access to perform this action. -internal struct AccessDeniedException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct AccessDeniedException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be access_denied. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. @@ -50,9 +50,9 @@ internal struct AccessDeniedException: ClientRuntime.ModeledError, AWSClientRunt } /// Indicates that a request to authorize a client with an access user session token is pending. -internal struct AuthorizationPendingException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct AuthorizationPendingException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be authorization_pending. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. 
@@ -78,9 +78,9 @@ internal struct AuthorizationPendingException: ClientRuntime.ModeledError, AWSCl } /// Indicates that the token issued by the service is expired and is no longer valid. -internal struct ExpiredTokenException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct ExpiredTokenException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be expired_token. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. @@ -106,9 +106,9 @@ internal struct ExpiredTokenException: ClientRuntime.ModeledError, AWSClientRunt } /// Indicates that an error from the service occurred while trying to process a request. -internal struct InternalServerException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct InternalServerException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be server_error. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. 
@@ -134,9 +134,9 @@ internal struct InternalServerException: ClientRuntime.ModeledError, AWSClientRu } /// Indicates that the clientId or clientSecret in the request is invalid. For example, this can occur when a client sends an incorrect clientId or an expired clientSecret. -internal struct InvalidClientException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct InvalidClientException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be invalid_client. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. @@ -162,9 +162,9 @@ internal struct InvalidClientException: ClientRuntime.ModeledError, AWSClientRun } /// Indicates that a request contains an invalid grant. This can occur if a client makes a [CreateToken] request with an invalid grant type. -internal struct InvalidGrantException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct InvalidGrantException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be invalid_grant. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. 
@@ -190,9 +190,9 @@ internal struct InvalidGrantException: ClientRuntime.ModeledError, AWSClientRunt } /// Indicates that something is wrong with the input to the request. For example, a required parameter might be missing or out of range. -internal struct InvalidRequestException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct InvalidRequestException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be invalid_request. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. @@ -218,9 +218,9 @@ internal struct InvalidRequestException: ClientRuntime.ModeledError, AWSClientRu } /// Indicates that the scope provided in the request is invalid. -internal struct InvalidScopeException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct InvalidScopeException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be invalid_scope. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. 
@@ -246,9 +246,9 @@ internal struct InvalidScopeException: ClientRuntime.ModeledError, AWSClientRunt } /// Indicates that the client is making the request too frequently and is more than the service can handle. -internal struct SlowDownException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct SlowDownException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be slow_down. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. @@ -274,9 +274,9 @@ internal struct SlowDownException: ClientRuntime.ModeledError, AWSClientRuntime. } /// Indicates that the client is not currently authorized to make the request. This can happen when a clientId is not issued for a public client. -internal struct UnauthorizedClientException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct UnauthorizedClientException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be unauthorized_client. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. 
@@ -302,9 +302,9 @@ internal struct UnauthorizedClientException: ClientRuntime.ModeledError, AWSClie } /// Indicates that the grant type in the request is not supported by the service. -internal struct UnsupportedGrantTypeException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct UnsupportedGrantTypeException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { /// Single error code. For this exception the value will be unsupported_grant_type. public internal(set) var error: Swift.String? = nil /// Human-readable text providing additional information, used to assist the client developer in understanding the error that occurred. @@ -329,7 +329,7 @@ internal struct UnsupportedGrantTypeException: ClientRuntime.ModeledError, AWSCl } } -internal struct CreateTokenInput: Swift.Sendable { +package struct CreateTokenInput: Swift.Sendable { /// The unique identifier string for the client or application. This value comes from the result of the [RegisterClient] API. /// This member is required. public var clientId: Swift.String? 
@@ -380,7 +380,7 @@ extension CreateTokenInput: Swift.CustomDebugStringConvertible { "CreateTokenInput(clientId: \(Swift.String(describing: clientId)), code: \(Swift.String(describing: code)), deviceCode: \(Swift.String(describing: deviceCode)), grantType: \(Swift.String(describing: grantType)), redirectUri: \(Swift.String(describing: redirectUri)), scope: \(Swift.String(describing: scope)), clientSecret: \"CONTENT_REDACTED\", codeVerifier: \"CONTENT_REDACTED\", refreshToken: \"CONTENT_REDACTED\")"} } -internal struct CreateTokenOutput: Swift.Sendable { +package struct CreateTokenOutput: Swift.Sendable { /// A bearer token to access Amazon Web Services accounts and applications assigned to a user. public var accessToken: Swift.String? /// Indicates the time in seconds when an access token will expire. @@ -629,4 +629,4 @@ extension UnsupportedGrantTypeException { } } -internal enum SSOOIDCClientTypes {} +package enum SSOOIDCClientTypes {} diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Plugins.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Plugins.swift index a5335fa7a1a..ebdb68f2d6b 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Plugins.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/Plugins.swift 
@@ -7,18 +7,17 @@ // Code generated by smithy-swift-codegen. DO NOT EDIT! -import class AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain import protocol ClientRuntime.ClientConfiguration import protocol ClientRuntime.Plugin import protocol SmithyHTTPAuthAPI.AuthSchemeResolver -import protocol SmithyIdentity.AWSCredentialIdentityResolver +@_spi(AWSCredentialIdentityResolver) import protocol SmithyIdentity.AWSCredentialIdentityResolver import protocol SmithyIdentity.BearerTokenIdentityResolver import struct AWSSDKHTTPAuth.SigV4AuthScheme -import struct SmithyIdentity.BearerTokenIdentity -import struct SmithyIdentity.StaticBearerTokenIdentityResolver +@_spi(StaticAWSCredentialIdentityResolver) import struct SmithyIdentity.StaticAWSCredentialIdentityResolver +@_spi(StaticBearerTokenIdentityResolver) import struct SmithyIdentity.StaticBearerTokenIdentityResolver import typealias SmithyHTTPAuthAPI.AuthSchemes -internal class SSOOIDCClientEndpointPlugin: Plugin { +package class SSOOIDCClientEndpointPlugin: Plugin { private var endpointResolver: EndpointResolver public init(endpointResolver: EndpointResolver) { @@ -36,7 +35,7 @@ internal class SSOOIDCClientEndpointPlugin: Plugin { } } -internal class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { +package class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { public init() {} 
@@ -44,13 +43,13 @@ internal class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { if let config = clientConfiguration as? SSOOIDCClient.SSOOIDCClientConfiguration { config.authSchemeResolver = DefaultSSOOIDCAuthSchemeResolver() config.authSchemes = [AWSSDKHTTPAuth.SigV4AuthScheme()] - config.awsCredentialIdentityResolver = AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain() - config.bearerTokenIdentityResolver = SmithyIdentity.StaticBearerTokenIdentityResolver(token: SmithyIdentity.BearerTokenIdentity(token: "")) + config.awsCredentialIdentityResolver = SmithyIdentity.StaticAWSCredentialIdentityResolver() + config.bearerTokenIdentityResolver = SmithyIdentity.StaticBearerTokenIdentityResolver() } } } -internal class SSOOIDCClientAuthSchemePlugin: ClientRuntime.Plugin { +package class SSOOIDCClientAuthSchemePlugin: ClientRuntime.Plugin { private var authSchemes: SmithyHTTPAuthAPI.AuthSchemes? private var authSchemePreference: [String] private var authSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver? diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/SSOOIDCClient.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/SSOOIDCClient.swift index 19a4753a65f..3faad7bc41d 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/SSOOIDCClient.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSSOOIDC/SSOOIDCClient.swift @@ -10,7 +10,6 @@ import class AWSClientRuntime.AWSClientConfigDefaultsProvider import class AWSClientRuntime.AmzSdkRequestMiddleware import class AWSClientRuntime.DefaultAWSClientPlugin -import class AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain import class ClientRuntime.ClientBuilder import class ClientRuntime.DefaultClientPlugin import class ClientRuntime.HttpClientConfiguration 
@@ -40,7 +39,7 @@ import protocol ClientRuntime.TelemetryProvider import protocol Smithy.LogAgent import protocol SmithyHTTPAPI.HTTPClient import protocol SmithyHTTPAuthAPI.AuthSchemeResolver -import protocol SmithyIdentity.AWSCredentialIdentityResolver +@_spi(AWSCredentialIdentityResolver) import protocol SmithyIdentity.AWSCredentialIdentityResolver import protocol SmithyIdentity.BearerTokenIdentityResolver @_spi(SmithyReadWrite) import protocol SmithyReadWrite.SmithyWriter @_spi(AWSEndpointResolverMiddleware) import struct AWSClientRuntime.AWSEndpointResolverMiddleware @@ -58,12 +57,13 @@ import struct ClientRuntime.URLHostMiddleware import struct ClientRuntime.URLPathMiddleware import struct Smithy.Attributes import struct SmithyIdentity.BearerTokenIdentity -import struct SmithyIdentity.StaticBearerTokenIdentityResolver +@_spi(StaticAWSCredentialIdentityResolver) import struct SmithyIdentity.StaticAWSCredentialIdentityResolver +@_spi(StaticBearerTokenIdentityResolver) import struct SmithyIdentity.StaticBearerTokenIdentityResolver import struct SmithyRetries.DefaultRetryStrategy import struct SmithyRetriesAPI.RetryStrategyOptions import typealias SmithyHTTPAuthAPI.AuthSchemes -internal class SSOOIDCClient: ClientRuntime.Client { +package class SSOOIDCClient: ClientRuntime.Client { public static let clientName = "SSOOIDCClient" public static let version = "1.5.13" let client: ClientRuntime.SdkHttpClient @@ -202,7 +202,7 @@ extension SSOOIDCClient { useFIPS, useDualStack, try appID ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), - awsCredentialIdentityResolver ?? AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain(), + awsCredentialIdentityResolver ?? SmithyIdentity.StaticAWSCredentialIdentityResolver(), try awsRetryMode ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), maxAttempts, try requestChecksumCalculation ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.requestChecksumCalculation(requestChecksumCalculation), 
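Review bot: The fallback `awsCredentialIdentityResolver ?? SmithyIdentity.StaticAWSCredentialIdentityResolver()` swaps the default credential chain for a static resolver constructed with no arguments, and nothing at the call site documents what credentials it holds. The no-argument initializer is imported under `@_spi` and its body is not shown in this diff; if it yields placeholder credentials, a SigV4-signed operation sent through this client without an explicit resolver would be signed with them and rejected by the service rather than failing locally during credential resolution. I would add a comment on the fallback, for example `// Placeholder resolver: callers must pass awsCredentialIdentityResolver for any signed operation`, coming from the generator template if this file is generated like Plugins.swift. The same fallback appears in the `@@ -258,7` and `@@ -318,7` hunks of this file and in `DefaultAWSAuthSchemePlugin` in Plugins.swift, and the enclosing initializer starts and ends outside this hunk.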
@@ -258,7 +258,7 @@ extension SSOOIDCClient { useFIPS, useDualStack, try appID ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), - awsCredentialIdentityResolver ?? AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain(), + awsCredentialIdentityResolver ?? SmithyIdentity.StaticAWSCredentialIdentityResolver(), try awsRetryMode ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), maxAttempts, try requestChecksumCalculation ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.requestChecksumCalculation(requestChecksumCalculation), @@ -318,7 +318,7 @@ extension SSOOIDCClient { nil, nil, try AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), - AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain(), + SmithyIdentity.StaticAWSCredentialIdentityResolver(), try AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), nil, try AWSClientConfigDefaultsProvider.requestChecksumCalculation(), diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/AuthSchemeResolver.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/AuthSchemeResolver.swift index 0e474acf772..191ae089b6d 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/AuthSchemeResolver.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/AuthSchemeResolver.swift 
@@ -14,20 +14,20 @@ import protocol SmithyHTTPAuthAPI.AuthSchemeResolver import protocol SmithyHTTPAuthAPI.AuthSchemeResolverParameters import struct SmithyHTTPAuthAPI.AuthOption -internal struct STSAuthSchemeResolverParameters: SmithyHTTPAuthAPI.AuthSchemeResolverParameters { +package struct STSAuthSchemeResolverParameters: SmithyHTTPAuthAPI.AuthSchemeResolverParameters { public let authSchemePreference: [String]? public let operation: Swift.String // Region is used for SigV4 auth scheme public let region: Swift.String? } -internal protocol STSAuthSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver { +package protocol STSAuthSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver { // Intentionally empty. // This is the parent protocol that all auth scheme resolver implementations of // the service STS must conform to. } -internal struct DefaultSTSAuthSchemeResolver: STSAuthSchemeResolver { +package struct DefaultSTSAuthSchemeResolver: STSAuthSchemeResolver { public func resolveAuthScheme(params: SmithyHTTPAuthAPI.AuthSchemeResolverParameters) throws -> [SmithyHTTPAuthAPI.AuthOption] { var validAuthOptions = [SmithyHTTPAuthAPI.AuthOption]() diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Endpoints.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Endpoints.swift index 584b79f4a7a..f05d92350a8 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Endpoints.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Endpoints.swift @@ -14,7 +14,7 @@ import struct ClientRuntime.DefaultEndpointResolver import struct ClientRuntime.StaticEndpointResolver import struct SmithyHTTPAPI.Endpoint -internal struct EndpointParams: Sendable { +package struct EndpointParams: Sendable { /// Override the endpoint used to send this request public let endpoint: Swift.String? /// The AWS region used to dispatch the request. 
@@ -57,7 +57,7 @@ extension EndpointParams: ClientRuntime.EndpointsRequestContextProviding { } } -internal protocol EndpointResolver { +package protocol EndpointResolver { func resolve(params: EndpointParams) throws -> SmithyHTTPAPI.Endpoint } diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/IdentityProvidingSTSClient.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/IdentityProvidingSTSClient.swift deleted file mode 100644 index 344f90bcc6c..00000000000 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/IdentityProvidingSTSClient.swift +++ /dev/null 
@@ -1,70 +0,0 @@ -// -// Copyright Amazon.com Inc. or its affiliates. -// All Rights Reserved. -// -// SPDX-License-Identifier: Apache-2.0 -// - -// Code generated by smithy-swift-codegen. DO NOT EDIT! - -import Foundation -import class AWSSDKIdentity.CredentialFeatureIDInterceptorProvider -import enum AWSSDKIdentity.AWSCredentialIdentityResolverError -import enum AWSSDKIdentity.AWSIdentityPropertyKeys -import enum AWSSDKIdentity.CredentialFeatureID -import enum AWSSDKIdentity.IdentityProvidingSTSClientError -import protocol AWSSDKIdentity.IdentityProvidingSTSClient -import struct AWSSDKIdentity.AWSCredentialIdentity -import struct Smithy.Attributes -import struct SmithyIdentity.StaticAWSCredentialIdentityResolver - -package struct IdentityProvidingSTSClient: AWSSDKIdentity.IdentityProvidingSTSClient, Swift.Sendable { - package init() {} - - package func assumeRoleWithCreds(creds: AWSSDKIdentity.AWSCredentialIdentity, roleARN: String, roleSessionName: String, durationSeconds: Foundation.TimeInterval, credentialFeatureIDs: [String]) async throws -> AWSSDKIdentity.AWSCredentialIdentity { - let stsConfig = try await STSClient.STSClientConfiguration() - stsConfig.awsCredentialIdentityResolver = SmithyIdentity.StaticAWSCredentialIdentityResolver(creds) - let sts = STSClient(config: stsConfig) - let out = try await sts.assumeRole(input: AssumeRoleInput(durationSeconds: Int(durationSeconds), roleArn: roleARN, roleSessionName: roleSessionName)) - guard let creds = out.credentials, let accessKey = creds.accessKeyId, let secretKey = creds.secretAccessKey else { - throw AWSSDKIdentity.AWSCredentialIdentityResolverError.failedToResolveAWSCredentials("STSAssumeRoleAWSCredentialIdentityResolver:Failed to retrieve credentials from STS with assume role.") - } - var properties = Smithy.Attributes() - if credentialFeatureIDs.last == AWSSDKIdentity.CredentialFeatureID.CREDENTIALS_STS_ASSUME_ROLE.rawValue { - properties.set(key: 
AWSSDKIdentity.AWSIdentityPropertyKeys.credentialFeatureIDs, value: credentialFeatureIDs) - } else { - properties.set(key: AWSSDKIdentity.AWSIdentityPropertyKeys.credentialFeatureIDs, value: credentialFeatureIDs + [AWSSDKIdentity.CredentialFeatureID.CREDENTIALS_STS_ASSUME_ROLE.rawValue]) - } - return AWSCredentialIdentity(accessKey: accessKey, secret: secretKey, expiration: creds.expiration, sessionToken: creds.sessionToken, properties: properties) - } - - package func getCredentialsWithWebIdentity(region: String, roleARN: String, roleSessionName: String, webIdentityToken: String, credentialFeatureIDs: [String]) async throws -> AWSSDKIdentity.AWSCredentialIdentity { - let stsConfig = try await STSClient.STSClientConfiguration(region: region) - stsConfig.addInterceptorProvider(AWSSDKIdentity.CredentialFeatureIDInterceptorProvider(featureIDsToAdd: credentialFeatureIDs)) - let sts = STSClient(config: stsConfig) - var out: AssumeRoleWithWebIdentityOutput - do { - out = try await sts.assumeRoleWithWebIdentity(input: AssumeRoleWithWebIdentityInput( - roleArn: roleARN, roleSessionName: roleSessionName, webIdentityToken: webIdentityToken - )) - } catch is ExpiredTokenException { - throw AWSSDKIdentity.IdentityProvidingSTSClientError.expiredTokenException - } catch is IDPCommunicationErrorException { - throw AWSSDKIdentity.IdentityProvidingSTSClientError.idpCommunicationErrorException - } catch { - throw AWSSDKIdentity.AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( - "STSWebIdentityAWSCredentialIdentityResolver: Failed to retrieve credentials from STS with web identity token." - ) - } - guard let creds = out.credentials, let access = creds.accessKeyId, let secret = creds.secretAccessKey else { - throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials( - "STSWebIdentityAWSCredentialIdentityResolver: Failed to retrieve credentials from STS with web identity token." 
- ) - } - var properties = Smithy.Attributes() - properties.set(key: AWSSDKIdentity.AWSIdentityPropertyKeys.credentialFeatureIDs, value: credentialFeatureIDs + [AWSSDKIdentity.CredentialFeatureID.CREDENTIALS_STS_ASSUME_ROLE_WEB_ID.rawValue]) - return AWSCredentialIdentity( - accessKey: access, secret: secret, expiration: creds.expiration, sessionToken: creds.sessionToken, properties: properties - ) - } -} diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Models.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Models.swift index 6cbed42a9cd..23698b84cbd 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Models.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Models.swift @@ -28,7 +28,7 @@ import protocol ClientRuntime.ModeledError extension STSClientTypes { /// The identifiers for the temporary security credentials that the operation returns. - internal struct AssumedRoleUser: Swift.Sendable { + package struct AssumedRoleUser: Swift.Sendable { /// The ARN of the temporary security credentials that are returned from the [AssumeRole] action. For more information about ARNs and how to use them in policies, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the IAM User Guide. /// This member is required. public var arn: Swift.String? 
@@ -47,9 +47,9 @@ extension STSClientTypes { } /// The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request. -internal struct ExpiredTokenException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct ExpiredTokenException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } @@ -70,9 +70,9 @@ internal struct ExpiredTokenException: ClientRuntime.ModeledError, AWSClientRunt } /// The request was rejected because the policy document was malformed. The error message describes the specific error. -internal struct MalformedPolicyDocumentException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct MalformedPolicyDocumentException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } 
@@ -93,9 +93,9 @@ internal struct MalformedPolicyDocumentException: ClientRuntime.ModeledError, AW } /// The request was rejected because the total packed size of the session policies and session tags combined was too large. An Amazon Web Services conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see [Passing Session Tags in STS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the IAM User Guide. You could receive this error even though you meet other defined session policy and session tag limits. For more information, see [IAM and STS Entity Character Limits](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length) in the IAM User Guide. -internal struct PackedPolicyTooLargeException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct PackedPolicyTooLargeException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } 
@@ -116,9 +116,9 @@ internal struct PackedPolicyTooLargeException: ClientRuntime.ModeledError, AWSCl } /// STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see [Activating and Deactivating STS in an Amazon Web Services Region](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) in the IAM User Guide. -internal struct RegionDisabledException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct RegionDisabledException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } @@ -141,7 +141,7 @@ internal struct RegionDisabledException: ClientRuntime.ModeledError, AWSClientRu extension STSClientTypes { /// A reference to the IAM managed policy that is passed as a session policy for a role session or a federated user session. - internal struct PolicyDescriptorType: Swift.Sendable { + package struct PolicyDescriptorType: Swift.Sendable { /// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session policy for the role. For more information about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the Amazon Web Services General Reference. public var arn: Swift.String? 
@@ -156,7 +156,7 @@ extension STSClientTypes { extension STSClientTypes { /// Contains information about the provided context. This includes the signed and encrypted trusted context assertion and the context provider ARN from which the trusted context assertion was generated. - internal struct ProvidedContext: Swift.Sendable { + package struct ProvidedContext: Swift.Sendable { /// The signed and encrypted trusted context assertion generated by the context provider. The trusted context assertion is signed and encrypted by Amazon Web Services STS. public var contextAssertion: Swift.String? /// The context provider ARN from which the trusted context assertion was generated. @@ -175,7 +175,7 @@ extension STSClientTypes { extension STSClientTypes { /// You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see [Tagging Amazon Web Services STS Sessions](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the IAM User Guide. - internal struct Tag: Swift.Sendable { + package struct Tag: Swift.Sendable { /// The key for a session tag. You can pass up to 50 session tags. The plain text session tag keys can’t exceed 128 characters. For these and additional limits, see [IAM and STS Character Limits](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) in the IAM User Guide. /// This member is required. public var key: Swift.String? 
@@ -193,7 +193,7 @@ extension STSClientTypes { } } -internal struct AssumeRoleInput: Swift.Sendable { +package struct AssumeRoleInput: Swift.Sendable { /// The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to the maximum session duration set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails. To learn how to view the maximum value for your role, see [Update the maximum session duration for a role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration). By default, the value is set to 3600 seconds. The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. 
For more information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) in the IAM User Guide. public var durationSeconds: Swift.Int? /// A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see [How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) in the IAM User Guide. The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/- @@ -253,7 +253,7 @@ internal struct AssumeRoleInput: Swift.Sendable { extension STSClientTypes { /// Amazon Web Services credentials for API authentication. - internal struct Credentials: Swift.Sendable { + package struct Credentials: Swift.Sendable { /// The access key ID that identifies the temporary security credentials. /// This member is required. public var accessKeyId: Swift.String? 
@@ -287,7 +287,7 @@ extension STSClientTypes.Credentials: Swift.CustomDebugStringConvertible { } /// Contains the response to a successful [AssumeRole] request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests. -internal struct AssumeRoleOutput: Swift.Sendable { +package struct AssumeRoleOutput: Swift.Sendable { /// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers that you can use to refer to the resulting temporary security credentials. For example, you can reference these credentials as a principal in a resource-based policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName that you specified when you called AssumeRole. public var assumedRoleUser: STSClientTypes.AssumedRoleUser? /// The temporary security credentials, which include an access key ID, a secret access key, and a security (or session) token. The size of the security token that STS API operations return is not fixed. We strongly recommend that you make no assumptions about the maximum size. 
@@ -311,9 +311,9 @@ internal struct AssumeRoleOutput: Swift.Sendable { } /// The request could not be fulfilled because the identity provider (IDP) that was asked to verify the incoming identity token could not be reached. This is often a transient error caused by network conditions. Retry the request a limited number of times so that you don't exceed the request rate. If the error persists, the identity provider might be down or not responding. -internal struct IDPCommunicationErrorException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct IDPCommunicationErrorException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } @@ -334,9 +334,9 @@ internal struct IDPCommunicationErrorException: ClientRuntime.ModeledError, AWSC } /// The identity provider (IdP) reported that authentication failed. This might be because the claim is invalid. If this error is returned for the AssumeRoleWithWebIdentity operation, it can also mean that the claim has expired or has been explicitly revoked. -internal struct IDPRejectedClaimException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct IDPRejectedClaimException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } 
@@ -357,9 +357,9 @@ internal struct IDPRejectedClaimException: ClientRuntime.ModeledError, AWSClient } /// The web identity token that was passed could not be validated by Amazon Web Services. Get a new identity token from the identity provider and then retry the request. -internal struct InvalidIdentityTokenException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { +package struct InvalidIdentityTokenException: ClientRuntime.ModeledError, AWSClientRuntime.AWSServiceError, ClientRuntime.HTTPError, Swift.Error, Swift.Sendable { - internal struct Properties: Swift.Sendable { + package struct Properties: Swift.Sendable { public internal(set) var message: Swift.String? = nil } 
@@ -379,7 +379,7 @@ internal struct InvalidIdentityTokenException: ClientRuntime.ModeledError, AWSCl } } -internal struct AssumeRoleWithWebIdentityInput: Swift.Sendable { +package struct AssumeRoleWithWebIdentityInput: Swift.Sendable { /// The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see [View the Maximum Session Duration Setting for a Role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) in the IAM User Guide. By default, the value is set to 3600 seconds. The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see [Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) in the IAM User Guide. public var durationSeconds: Swift.Int? /// An IAM policy in JSON format that you want to use as an inline session policy. This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. 
You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see [Session Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) in the IAM User Guide. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) characters. For more information about role session permissions, see [Session policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session). An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit. 
@@ -423,7 +423,7 @@ extension AssumeRoleWithWebIdentityInput: Swift.CustomDebugStringConvertible { } /// Contains the response to a successful [AssumeRoleWithWebIdentity] request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests. -internal struct AssumeRoleWithWebIdentityOutput: Swift.Sendable { +package struct AssumeRoleWithWebIdentityOutput: Swift.Sendable { /// The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers that you can use to refer to the resulting temporary security credentials. For example, you can reference these credentials as a principal in a resource-based policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName that you specified when you called AssumeRole. public var assumedRoleUser: STSClientTypes.AssumedRoleUser? /// The intended audience (also known as client ID) of the web identity token. This is traditionally the client identifier issued to the application that requested the web identity token. @@ -720,4 +720,4 @@ extension STSClientTypes.ProvidedContext { } } -internal enum STSClientTypes {} +package enum STSClientTypes {} diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Plugins.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Plugins.swift index 0d7ff701da4..49da5ae7584 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Plugins.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/Plugins.swift 
@@ -7,18 +7,17 @@ // Code generated by smithy-swift-codegen. DO NOT EDIT! -import class AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain import protocol ClientRuntime.ClientConfiguration import protocol ClientRuntime.Plugin import protocol SmithyHTTPAuthAPI.AuthSchemeResolver -import protocol SmithyIdentity.AWSCredentialIdentityResolver +@_spi(AWSCredentialIdentityResolver) import protocol SmithyIdentity.AWSCredentialIdentityResolver import protocol SmithyIdentity.BearerTokenIdentityResolver import struct AWSSDKHTTPAuth.SigV4AuthScheme -import struct SmithyIdentity.BearerTokenIdentity -import struct SmithyIdentity.StaticBearerTokenIdentityResolver +@_spi(StaticAWSCredentialIdentityResolver) import struct SmithyIdentity.StaticAWSCredentialIdentityResolver +@_spi(StaticBearerTokenIdentityResolver) import struct SmithyIdentity.StaticBearerTokenIdentityResolver import typealias SmithyHTTPAuthAPI.AuthSchemes -internal class STSClientEndpointPlugin: Plugin { +package class STSClientEndpointPlugin: Plugin { private var endpointResolver: EndpointResolver public init(endpointResolver: EndpointResolver) { @@ -36,7 +35,7 @@ internal class STSClientEndpointPlugin: Plugin { } } -internal class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { +package class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { public init() {} 
@@ -44,13 +43,13 @@ internal class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { if let config = clientConfiguration as? STSClient.STSClientConfiguration { config.authSchemeResolver = DefaultSTSAuthSchemeResolver() config.authSchemes = [AWSSDKHTTPAuth.SigV4AuthScheme()] - config.awsCredentialIdentityResolver = AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain() - config.bearerTokenIdentityResolver = SmithyIdentity.StaticBearerTokenIdentityResolver(token: SmithyIdentity.BearerTokenIdentity(token: "")) + config.awsCredentialIdentityResolver = SmithyIdentity.StaticAWSCredentialIdentityResolver() + config.bearerTokenIdentityResolver = SmithyIdentity.StaticBearerTokenIdentityResolver() } } } -internal class STSClientAuthSchemePlugin: ClientRuntime.Plugin { +package class STSClientAuthSchemePlugin: ClientRuntime.Plugin { private var authSchemes: SmithyHTTPAuthAPI.AuthSchemes? private var authSchemePreference: [String] private var authSchemeResolver: SmithyHTTPAuthAPI.AuthSchemeResolver? diff --git a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/STSClient.swift b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/STSClient.swift index df55a5ec7d5..f3d671cd314 100644 --- a/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/STSClient.swift +++ b/Sources/Core/AWSSDKIdentity/Sources/InternalAWSSTS/STSClient.swift @@ -10,7 +10,6 @@ import class AWSClientRuntime.AWSClientConfigDefaultsProvider import class AWSClientRuntime.AmzSdkRequestMiddleware import class AWSClientRuntime.DefaultAWSClientPlugin -import class AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain import class ClientRuntime.ClientBuilder import class ClientRuntime.DefaultClientPlugin import class ClientRuntime.HttpClientConfiguration 
@@ -40,7 +39,7 @@ import protocol ClientRuntime.TelemetryProvider import protocol Smithy.LogAgent import protocol SmithyHTTPAPI.HTTPClient import protocol SmithyHTTPAuthAPI.AuthSchemeResolver -import protocol SmithyIdentity.AWSCredentialIdentityResolver +@_spi(AWSCredentialIdentityResolver) import protocol SmithyIdentity.AWSCredentialIdentityResolver import protocol SmithyIdentity.BearerTokenIdentityResolver @_spi(SmithyReadWrite) import protocol SmithyReadWrite.SmithyWriter @_spi(AWSEndpointResolverMiddleware) import struct AWSClientRuntime.AWSEndpointResolverMiddleware @@ -58,12 +57,13 @@ import struct ClientRuntime.URLHostMiddleware import struct ClientRuntime.URLPathMiddleware import struct Smithy.Attributes import struct SmithyIdentity.BearerTokenIdentity -import struct SmithyIdentity.StaticBearerTokenIdentityResolver +@_spi(StaticAWSCredentialIdentityResolver) import struct SmithyIdentity.StaticAWSCredentialIdentityResolver +@_spi(StaticBearerTokenIdentityResolver) import struct SmithyIdentity.StaticBearerTokenIdentityResolver import struct SmithyRetries.DefaultRetryStrategy import struct SmithyRetriesAPI.RetryStrategyOptions import typealias SmithyHTTPAuthAPI.AuthSchemes -internal class STSClient: ClientRuntime.Client { +package class STSClient: ClientRuntime.Client { public static let clientName = "STSClient" public static let version = "1.5.13" let client: ClientRuntime.SdkHttpClient @@ -206,7 +206,7 @@ extension STSClient { useFIPS, useDualStack, try appID ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), - awsCredentialIdentityResolver ?? AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain(), + awsCredentialIdentityResolver ?? SmithyIdentity.StaticAWSCredentialIdentityResolver(), try awsRetryMode ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), maxAttempts, try requestChecksumCalculation ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.requestChecksumCalculation(requestChecksumCalculation), 
@@ -264,7 +264,7 @@ extension STSClient { useFIPS, useDualStack, try appID ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), - awsCredentialIdentityResolver ?? AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain(), + awsCredentialIdentityResolver ?? SmithyIdentity.StaticAWSCredentialIdentityResolver(), try awsRetryMode ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), maxAttempts, try requestChecksumCalculation ?? AWSClientRuntime.AWSClientConfigDefaultsProvider.requestChecksumCalculation(requestChecksumCalculation), @@ -326,7 +326,7 @@ extension STSClient { nil, nil, try AWSClientRuntime.AWSClientConfigDefaultsProvider.appID(), - AWSSDKIdentity.DefaultAWSCredentialIdentityResolverChain(), + SmithyIdentity.StaticAWSCredentialIdentityResolver(), try AWSClientRuntime.AWSClientConfigDefaultsProvider.retryMode(), nil, try AWSClientConfigDefaultsProvider.requestChecksumCalculation(), diff --git a/Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI/S3ExpressIdentity.swift b/Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI/S3ExpressIdentity.swift new file mode 100644 index 00000000000..fce426d050a --- /dev/null +++ b/Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI/S3ExpressIdentity.swift 
@@ -0,0 +1,32 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +import protocol SmithyIdentityAPI.Identity +import struct Foundation.Date +import struct Smithy.Attributes + +public struct S3ExpressIdentity: Identity { + public var accessKeyID: String + public var secretAccessKey: String + public var sessionToken: String + public var expiration: Date? + public let properties: Attributes + + public init( + accessKeyID: String, + secretAccessKey: String, + sessionToken: String, + expiration: Date?, + properties: Attributes = Attributes() + ) { + self.accessKeyID = accessKeyID + self.secretAccessKey = secretAccessKey + self.sessionToken = sessionToken + self.expiration = expiration + self.properties = properties + } +} diff --git a/Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI/S3ExpressIdentityResolver.swift b/Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI/S3ExpressIdentityResolver.swift new file mode 100644 index 00000000000..492fe02e6f4 --- /dev/null +++ b/Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI/S3ExpressIdentityResolver.swift @@ -0,0 +1,11 @@ +// +// Copyright Amazon.com Inc. or its affiliates. +// All Rights Reserved. +// +// SPDX-License-Identifier: Apache-2.0 +// + +import struct Smithy.Attributes +import protocol SmithyIdentityAPI.IdentityResolver + +public protocol S3ExpressIdentityResolver: IdentityResolver where IdentityT == S3ExpressIdentity {} diff --git a/codegen/sdk-codegen/build.gradle.kts b/codegen/sdk-codegen/build.gradle.kts index e6e6798bda8..78722f0d482 100644 --- a/codegen/sdk-codegen/build.gradle.kts +++ b/codegen/sdk-codegen/build.gradle.kts @@ -73,6 +73,7 @@ data class AwsService( val gitRepo: String, val sdkId: String, val visibility: String, + val internalClient: Boolean, ) // Generates a smithy-build.json file by creating a new projection. 
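Review bot: `S3ExpressIdentity` keeps `secretAccessKey` and `sessionToken` as plain `public var` strings and defines no custom description, so Swift's default reflection-based output prints both secrets whenever a value is interpolated into a log message or passed to `print`. A redacting `CustomStringConvertible`/`CustomDebugStringConvertible` conformance, along the lines of the extension below, would keep them out of logs. The three credential fields could also be `let`, as `properties` already is, if nothing mutates them after init (not visible from this file). The public struct and its initializer have no `///` doc comments; a one-sentence summary on the type would be enough.

```swift
extension S3ExpressIdentity: CustomStringConvertible, CustomDebugStringConvertible {
    public var description: String {
        "S3ExpressIdentity(accessKeyID: \(accessKeyID), expiration: \(String(describing: expiration)), secretAccessKey: <redacted>, sessionToken: <redacted>)"
    }

    public var debugDescription: String { description }
}
```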
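Review bot: The `import struct Smithy.Attributes` line in `S3ExpressIdentityResolver.swift` is unused, because the file's only declaration is the protocol and it references just `IdentityResolver` and `S3ExpressIdentity`; the import can be dropped. The public protocol also has no doc comment, and a one-line summary such as `/// Resolves an ``S3ExpressIdentity`` for a request.` would help, worded to match how the resolver is actually used.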
@@ -105,7 +106,8 @@ fun generateSmithyBuild(services: List): String { "swiftVersion": "5.9.0", "mergeModels": true, "copyrightNotice": "//\n// Copyright Amazon.com Inc. or its affiliates.\n// All Rights Reserved.\n//\n// SPDX-License-Identifier: Apache-2.0\n//\n\n// Code generated by smithy-swift-codegen. DO NOT EDIT!\n\n", - "visibility": "${service.visibility}" + "visibility": "${service.visibility}", + "internalClient": ${service.internalClient} } } } @@ -163,7 +165,8 @@ fun discoverServices(): List { projectionName = name + "." + version.toLowerCase(), sdkId = serviceApi.sdkId, gitRepo = "https://github.com/awslabs/aws-sdk-swift", - visibility = "public" + visibility = "public", + internalClient = false, ) // Codegen internal STS client for use by credential resolvers. @@ -176,7 +179,8 @@ fun discoverServices(): List { projectionName = "${name}.${version.toLowerCase()}_internal", sdkId = serviceApi.sdkId, gitRepo = "https://github.com/awslabs/aws-sdk-swift", - visibility = "internal" + visibility = "package", + internalClient = true, ) listOf(publicService, internalProjection) } else { 
@@ -189,14 +193,14 @@ val discoveredServices: List by lazy { discoverServices() } val packageVersion = rootProject.file("Package.version.next").readText(Charset.forName("UTF-8")).trim() val AwsService.outputDir: String - get() = when (this.visibility) { - "internal" -> project.file("${project.buildDir}/smithyprojections/${project.name}/${projectionName}/swift-codegen/Sources").absolutePath + get() = when (this.internalClient) { + true -> project.file("${project.buildDir}/smithyprojections/${project.name}/${projectionName}/swift-codegen/Sources").absolutePath else -> project.file("${project.buildDir}/smithyprojections/${project.name}/${projectionName}/swift-codegen").absolutePath } val AwsService.sourcesDir: String - get() = when (this.visibility) { - "internal" -> rootProject.file("Sources/Core/AWSSDKIdentity/Sources").absolutePath + get() = when (this.internalClient) { + true -> rootProject.file("Sources/Core/AWSSDKIdentity/Sources").absolutePath else -> rootProject.file("Sources/Services/$packageName").absolutePath } diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHTTPProtocolCustomizations.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHTTPProtocolCustomizations.kt index 97f0f49daec..02aac08e6a6 100644 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHTTPProtocolCustomizations.kt +++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHTTPProtocolCustomizations.kt 
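Review bot: Both `outputDir` and `sourcesDir` now branch with `when (this.internalClient) { true -> … else -> … }`, which is an `if`/`else` written as a `when` over a Boolean; `get() = if (internalClient) … else …` reads more directly. The `sourcesDir` branch also hard-codes `Sources/Core/AWSSDKIdentity/Sources` for every internal client, so a short comment such as `// internal clients are generated into the AWSSDKIdentity target's source tree` would record why the flag, and no longer the visibility string, selects the path.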
@@ -9,8 +9,6 @@ import software.amazon.smithy.aws.swift.codegen.customization.RulesBasedAuthSche import software.amazon.smithy.aws.swift.codegen.customization.s3.isS3 import software.amazon.smithy.aws.swift.codegen.swiftmodules.AWSClientRuntimeTypes import software.amazon.smithy.aws.swift.codegen.swiftmodules.AWSSDKEventStreamsAuthTypes -import software.amazon.smithy.aws.swift.codegen.swiftmodules.AWSSDKIdentityTypes -import software.amazon.smithy.aws.swift.codegen.swiftmodules.InternalClientTypes import software.amazon.smithy.codegen.core.Symbol import software.amazon.smithy.model.shapes.OperationShape import software.amazon.smithy.model.shapes.ServiceShape 
@@ -66,36 +64,7 @@ abstract class AWSHTTPProtocolCustomizations : DefaultHTTPProtocolCustomizations } override fun renderInternals(ctx: ProtocolGenerator.GenerationContext) { - AuthSchemeResolverGenerator( - // Skip auth option customization w/ internal service clients for protocol test codegen. - // Internal service clients are contained in aws-sdk-swift targets that ARE NOT vended externally - // via a product, meaning service clients generated outside of aws-sdk-swift CANNOT depend on - // the internal service clients. Not to mention it's not even needed for protocol tests. - // - // Also skip auth option customization for internal service clients themselves. - // SSO::getRoleCredentials, SSOOIDC::createToken, and STS::assumeRoleWithWebIdentity are all noAuth. - if (ctx.settings.forProtocolTests || ctx.settings.visibility == "internal") { - null - } else { - { authOptionName, writer -> - writer.write( - "$authOptionName.identityProperties.set(key: \$N.internalSTSClientKey, value: \$N())", - AWSSDKIdentityTypes.InternalClientKeys, - InternalClientTypes.IdentityProvidingSTSClient, - ) - writer.write( - "$authOptionName.identityProperties.set(key: \$N.internalSSOClientKey, value: \$N())", - AWSSDKIdentityTypes.InternalClientKeys, - InternalClientTypes.IdentityProvidingSSOClient, - ) - writer.write( - "$authOptionName.identityProperties.set(key: \$N.internalSSOOIDCClientKey, value: \$N())", - AWSSDKIdentityTypes.InternalClientKeys, - InternalClientTypes.IdentityProvidingSSOOIDCClient, - ) - } - }, - ).render(ctx) + AuthSchemeResolverGenerator().render(ctx) // Generate rules-based auth scheme resolver for services that depend on endpoint resolver for auth scheme resolution if (AuthSchemeResolverGenerator.usesRulesBasedAuthResolver(ctx)) { RulesBasedAuthSchemeResolverGenerator().render(ctx) 
diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHttpProtocolServiceClient.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHttpProtocolServiceClient.kt index 7ff7ea15f7a..a8bfd8099bd 100644 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHttpProtocolServiceClient.kt +++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHttpProtocolServiceClient.kt @@ -62,7 +62,9 @@ class AWSHttpProtocolServiceClient( ConfigProperty( "bearerTokenIdentityResolver", SmithyIdentityTypes.BearerTokenIdentityResolver.toGeneric(), - { it.format("\$N()", AWSSDKIdentityTypes.DefaultBearerTokenIdentityResolverChain) }, + { + it.format("\$N()", AWSSDKIdentityTypes.DefaultBearerTokenIdentityResolverChain) + }, true, ) } else { @@ -156,7 +158,11 @@ class AWSHttpProtocolServiceClient( writer.write("region,") } "awsCredentialIdentityResolver" -> { - writer.write("\$N(),", AWSSDKIdentityTypes.DefaultAWSCredentialIdentityResolverChain) + if (ctx.settings.internalClient) { + writer.write("\$N(),", SmithyIdentityTypes.StaticAWSCredentialIdentityResolver) + } else { + writer.write("\$N(),", AWSSDKIdentityTypes.DefaultAWSCredentialIdentityResolverChain) + } } "retryStrategyOptions" -> { writer.write("try AWSClientConfigDefaultsProvider.retryStrategyOptions(),") diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSSwiftDependency.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSSwiftDependency.kt index 293036a3ded..dcf9ea965f9 100644 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSSwiftDependency.kt +++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSSwiftDependency.kt 
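Review bot: The `awsCredentialIdentityResolver` default for internal clients becomes a no-argument `StaticAWSCredentialIdentityResolver` in the `@@ -156,7 +158,11 @@` hunk, and the same `if (ctx.settings.internalClient)` branch is repeated in `AWSDefaultClientConfiguration.kt`, with no comment at either site saying what credentials that default carries. If it holds placeholder credentials (not visible in this diff), an internal-client call to a signed operation that omits a resolver would be signed with them and fail at the service rather than locally. The contract deserves a comment such as `// Internal clients cannot use AWSSDKIdentity's default chain (presumably because that target now depends on them); callers must pass a resolver for any signed operation.` Moving the choice into one shared helper, for example a `defaultCredentialResolverSymbol(settings)` function called from both files, would keep the two sites from drifting. The enclosing `when` and its function start outside this hunk.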
@@ -17,6 +17,16 @@ class AWSSwiftDependency { "AWSSDKChecksums", SwiftDependency.DistributionMethod.SPR, ) + val AWS_SDK_IDENTITY_API = + SwiftDependency( + "AWSSDKIdentityAPI", + "main", + "0.0.1", + "aws-sdk-swift", + "../../../aws-sdk-swift", + "AWSSDKIdentityAPI", + SwiftDependency.DistributionMethod.SPR, + ) val AWS_SDK_IDENTITY = SwiftDependency( "AWSSDKIdentity", @@ -57,35 +67,5 @@ class AWSSwiftDependency { "AWSClientRuntime", SwiftDependency.DistributionMethod.SPR, ) - val INTERNAL_AWS_STS = - SwiftDependency( - "InternalAWSSTS", - "main", - "0.0.1", - "aws-sdk-swift", - "../../../aws-sdk-swift", - "InternalAWSSTS", - SwiftDependency.DistributionMethod.SPR, - ) - val INTERNAL_AWS_SSO = - SwiftDependency( - "InternalAWSSSO", - "main", - "0.0.1", - "aws-sdk-swift", - "../../../aws-sdk-swift", - "InternalAWSSSO", - SwiftDependency.DistributionMethod.SPR, - ) - val INTERNAL_AWS_SSO_OIDC = - SwiftDependency( - "InternalAWSSSOOIDC", - "main", - "0.0.1", - "aws-sdk-swift", - "../../../aws-sdk-swift", - "InternalAWSSSOOIDC", - SwiftDependency.DistributionMethod.SPR, - ) } } diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/config/AWSDefaultClientConfiguration.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/config/AWSDefaultClientConfiguration.kt index e80d496c69a..f61861ece4f 100644 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/config/AWSDefaultClientConfiguration.kt +++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/config/AWSDefaultClientConfiguration.kt 
@@ -34,10 +34,11 @@ class AWSDefaultClientConfiguration : ClientConfiguration { "awsCredentialIdentityResolver", SmithyIdentityTypes.AWSCredentialIdentityResolver.toGeneric(), { - it.format( - "\$N()", - AWSSDKIdentityTypes.DefaultAWSCredentialIdentityResolverChain, - ) + if (ctx.settings.internalClient) { + it.format("\$N()", SmithyIdentityTypes.StaticAWSCredentialIdentityResolver) + } else { + it.format("\$N()", AWSSDKIdentityTypes.DefaultAWSCredentialIdentityResolverChain) + } }, ), ConfigProperty( diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/RulesBasedAuthSchemeResolverGenerator.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/RulesBasedAuthSchemeResolverGenerator.kt index a4d2c608edd..07b691188ca 100644 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/RulesBasedAuthSchemeResolverGenerator.kt +++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/RulesBasedAuthSchemeResolverGenerator.kt @@ -2,7 +2,6 @@ package software.amazon.smithy.aws.swift.codegen.customization import software.amazon.smithy.aws.swift.codegen.customization.s3.isS3 import software.amazon.smithy.aws.swift.codegen.swiftmodules.AWSSDKIdentityTypes -import software.amazon.smithy.aws.swift.codegen.swiftmodules.InternalClientTypes import software.amazon.smithy.aws.traits.auth.SigV4ATrait import software.amazon.smithy.aws.traits.auth.SigV4Trait import software.amazon.smithy.rulesengine.language.EndpointRuleSet @@ -112,7 +111,6 @@ class RulesBasedAuthSchemeResolverGenerator { "sigV4Option.signingProperties.set(key: \$N.signingRegion, value: param.signingRegion)", SmithyHTTPAuthAPITypes.SigningPropertyKeys, ) - renderInternalClientInits(writer) write("validAuthOptions.append(sigV4Option)") dedent() // SigV4A case 
@@ -127,7 +125,6 @@ class RulesBasedAuthSchemeResolverGenerator { "sigV4Option.signingProperties.set(key: \$N.signingRegion, value: param.signingRegionSet?[0])", SmithyHTTPAuthAPITypes.SigningPropertyKeys, ) - renderInternalClientInits(writer) write("validAuthOptions.append(sigV4Option)") dedent() // sigv4-s3express case @@ -171,26 +168,6 @@ class RulesBasedAuthSchemeResolverGenerator { } } - private fun renderInternalClientInits(writer: SwiftWriter) { - writer.apply { - write( - "sigV4Option.identityProperties.set(key: \$N.internalSTSClientKey, value: \$N())", - AWSSDKIdentityTypes.InternalClientKeys, - InternalClientTypes.IdentityProvidingSTSClient, - ) - write( - "sigV4Option.identityProperties.set(key: \$N.internalSSOClientKey, value: \$N())", - AWSSDKIdentityTypes.InternalClientKeys, - InternalClientTypes.IdentityProvidingSSOClient, - ) - write( - "sigV4Option.identityProperties.set(key: \$N.internalSSOOIDCClientKey, value: \$N())", - AWSSDKIdentityTypes.InternalClientKeys, - InternalClientTypes.IdentityProvidingSSOOIDCClient, - ) - } - } - private fun renderConstructParametersMethod( ctx: ProtocolGenerator.GenerationContext, returnTypeName: String, diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/IdentityProvidingSSOClientIntegration.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/IdentityProvidingSSOClientIntegration.kt deleted file mode 100644 index 41d4c08fc06..00000000000 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/IdentityProvidingSSOClientIntegration.kt +++ /dev/null 
@@ -1,108 +0,0 @@ -package software.amazon.smithy.aws.swift.codegen.customization.credentialresolverservices - -import software.amazon.smithy.aws.swift.codegen.swiftmodules.AWSSDKIdentityTypes -import software.amazon.smithy.model.Model -import software.amazon.smithy.swift.codegen.SwiftDelegator -import software.amazon.smithy.swift.codegen.SwiftSettings -import software.amazon.smithy.swift.codegen.core.SwiftCodegenContext -import software.amazon.smithy.swift.codegen.integration.ProtocolGenerator -import software.amazon.smithy.swift.codegen.integration.SwiftIntegration -import software.amazon.smithy.swift.codegen.swiftmodules.FoundationTypes -import software.amazon.smithy.swift.codegen.swiftmodules.SmithyTypes - -class IdentityProvidingSSOClientIntegration : SwiftIntegration { - override fun enabledForService( - model: Model, - settings: SwiftSettings, - ): Boolean = settings.moduleName == "InternalAWSSSO" - - override fun writeAdditionalFiles( - ctx: SwiftCodegenContext, - protocolGenerationContext: ProtocolGenerator.GenerationContext, - delegator: SwiftDelegator, - ) { - val path = "Sources/InternalAWSSSO/IdentityProvidingSSOClient.swift" - delegator.useFileWriter(path) { writer -> - writer.openBlock( - "package struct IdentityProvidingSSOClient: \$N {", - "}", - AWSSDKIdentityTypes.IdentityProvidingSSOClient, - ) { - writer.write("package init() {}") - writer.write("") - writer.openBlock( - "package func getCredentialsWithSSOToken(region: String, accessToken: String, accountID: String, roleName: String, credentialFeatureIDs: [String]) async throws -> \$N {", - "}", - AWSSDKIdentityTypes.AWSCredentialIdentity, - ) { - writer.write("let ssoConfig = try await SSOClient.SSOClientConfiguration(region: region)") - writer.write( - "ssoConfig.addInterceptorProvider(\$N(featureIDsToAdd: credentialFeatureIDs))", - AWSSDKIdentityTypes.CredentialFeatureIDInterceptorProvider, - ) - writer.write("let sso = SSOClient(config: ssoConfig)") - writer.write("let input = 
GetRoleCredentialsInput(accessToken: accessToken, accountId: accountID, roleName: roleName)") - writer.write("let out = try await sso.getRoleCredentials(input: input)") - writer.openBlock( - "guard let accessKey = out.roleCredentials?.accessKeyId, let secretKey = out.roleCredentials?.secretAccessKey else {", - "}", - ) { - writer.write( - "throw \$N.failedToResolveAWSCredentials(\"SSOAWSCredentialIdentityResolver: Failed to retrieve temporary credentials using SSO token.\")", - AWSSDKIdentityTypes.AWSCredentialIdentityResolverError, - ) - } - writer.write( - "var expiration: \$N? = nil", - FoundationTypes.Date, - ) - writer.openBlock( - "if let expiresIn = out.roleCredentials?.expiration {", - "}", - ) { - writer.write( - "expiration = \$N().addingTimeInterval(\$N(expiresIn))", - FoundationTypes.Date, - FoundationTypes.TimeInterval, - ) - } - writer.write("var properties = \$N()", SmithyTypes.Attributes) - writer.write( - "if credentialFeatureIDs.last == \$N.CREDENTIALS_PROFILE_SSO_LEGACY.rawValue {", - AWSSDKIdentityTypes.CredentialFeatureID, - ) - writer.indent() - writer.write( - "properties.set(key: \$N.credentialFeatureIDs, value: credentialFeatureIDs + [\$N.CREDENTIALS_SSO_LEGACY.rawValue])", - AWSSDKIdentityTypes.AWSIdentityPropertyKeys, - AWSSDKIdentityTypes.CredentialFeatureID, - ) - writer.dedent() - writer.write( - "} else if credentialFeatureIDs.last == \$N.CREDENTIALS_PROFILE_SSO.rawValue {", - AWSSDKIdentityTypes.CredentialFeatureID, - ) - writer.indent() - writer.write( - "properties.set(key: \$N.credentialFeatureIDs, value: credentialFeatureIDs + [\$N.CREDENTIALS_SSO.rawValue])", - AWSSDKIdentityTypes.AWSIdentityPropertyKeys, - AWSSDKIdentityTypes.CredentialFeatureID, - ) - writer.dedent() - writer.write("} else {") - writer.indent() - writer.write( - "throw \$N.failedToResolveAWSCredentials(\"SSOAWSCredentialIdentityResolver: Invalid last feature ID found. 
This should never happen.\")", - AWSSDKIdentityTypes.AWSCredentialIdentityResolverError, - ) - writer.dedent() - writer.write("}") - writer.write( - "return \$N(accessKey: accessKey, secret: secretKey, accountID: accountID, expiration: expiration, sessionToken: out.roleCredentials?.sessionToken, properties: properties)", - AWSSDKIdentityTypes.AWSCredentialIdentity, - ) - } - } - } - } -} diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/IdentityProvidingSSOOIDCClientIntegration.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/IdentityProvidingSSOOIDCClientIntegration.kt deleted file mode 100644 index e755f7693d5..00000000000 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/IdentityProvidingSSOOIDCClientIntegration.kt +++ /dev/null 
@@ -1,60 +0,0 @@ -package software.amazon.smithy.aws.swift.codegen.customization.credentialresolverservices - -import software.amazon.smithy.aws.swift.codegen.swiftmodules.AWSSDKIdentityTypes -import software.amazon.smithy.model.Model -import software.amazon.smithy.swift.codegen.SwiftDelegator -import software.amazon.smithy.swift.codegen.SwiftSettings -import software.amazon.smithy.swift.codegen.core.SwiftCodegenContext -import software.amazon.smithy.swift.codegen.integration.ProtocolGenerator -import software.amazon.smithy.swift.codegen.integration.SwiftIntegration -import software.amazon.smithy.swift.codegen.swiftmodules.FoundationTypes -import software.amazon.smithy.swift.codegen.swiftmodules.SmithyIdentityTypes - -class IdentityProvidingSSOOIDCClientIntegration : SwiftIntegration { - override fun enabledForService( - model: Model, - settings: SwiftSettings, - ): Boolean = settings.moduleName == "InternalAWSSSOOIDC" - - override fun writeAdditionalFiles( - ctx: SwiftCodegenContext, - protocolGenerationContext: ProtocolGenerator.GenerationContext, - delegator: SwiftDelegator, - ) { - val path = "Sources/InternalAWSSSOOIDC/IdentityProvidingSSOOIDCClient.swift" - delegator.useFileWriter(path) { writer -> - writer.openBlock( - "package struct IdentityProvidingSSOOIDCClient: \$N {", - "}", - AWSSDKIdentityTypes.IdentityProvidingSSOOIDCClient, - ) { - writer.write("package init() {}") - writer.write("") - writer.openBlock( - "package func createToken(region: String, clientID: String, clientSecret: String, refreshToken: String, credentialFeatureIDs: [String]) async throws -> (refreshToken: String?, \$N) {", - "}", - SmithyIdentityTypes.BearerTokenIdentity, - ) { - writer.write("let ssoOIDCConfig = try await SSOOIDCClient.SSOOIDCClientConfiguration(region: region)") - writer.write( - "ssoOIDCConfig.addInterceptorProvider(\$N(featureIDsToAdd: credentialFeatureIDs))", - AWSSDKIdentityTypes.CredentialFeatureIDInterceptorProvider, - ) - writer.write("let ssoOIDC = 
SSOOIDCClient(config: ssoOIDCConfig)") - writer.write( - "let input = CreateTokenInput(clientId: clientID, clientSecret: clientSecret, " + - "grantType: \"refresh_token\", refreshToken: refreshToken)", - ) - writer.write("let out = try await ssoOIDC.createToken(input: input)") - writer.write( - "let expiration = \$N().addingTimeInterval(\$N(out.expiresIn))", - FoundationTypes.Date, - FoundationTypes.TimeInterval, - ) - writer.write("let token = BearerTokenIdentity(token: out.accessToken ?? \"\", expiration: expiration)") - writer.write("return (out.refreshToken, token)") - } - } - } - } -} diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/IdentityProvidingSTSClientIntegration.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/IdentityProvidingSTSClientIntegration.kt deleted file mode 100644 index c323d0bc0c1..00000000000 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/IdentityProvidingSTSClientIntegration.kt +++ /dev/null 
@@ -1,169 +0,0 @@ -package software.amazon.smithy.aws.swift.codegen.customization.credentialresolverservices - -import software.amazon.smithy.aws.swift.codegen.swiftmodules.AWSSDKIdentityTypes -import software.amazon.smithy.model.Model -import software.amazon.smithy.swift.codegen.SwiftDelegator -import software.amazon.smithy.swift.codegen.SwiftSettings -import software.amazon.smithy.swift.codegen.core.SwiftCodegenContext -import software.amazon.smithy.swift.codegen.integration.ProtocolGenerator -import software.amazon.smithy.swift.codegen.integration.SwiftIntegration -import software.amazon.smithy.swift.codegen.swiftmodules.FoundationTypes -import software.amazon.smithy.swift.codegen.swiftmodules.SmithyIdentityTypes -import software.amazon.smithy.swift.codegen.swiftmodules.SmithyTypes -import software.amazon.smithy.swift.codegen.swiftmodules.SwiftTypes - -class IdentityProvidingSTSClientIntegration : SwiftIntegration { - override fun enabledForService( - model: Model, - settings: SwiftSettings, - ): Boolean = settings.moduleName == "InternalAWSSTS" - - override fun writeAdditionalFiles( - ctx: SwiftCodegenContext, - protocolGenerationContext: ProtocolGenerator.GenerationContext, - delegator: SwiftDelegator, - ) { - val path = "Sources/InternalAWSSTS/IdentityProvidingSTSClient.swift" - delegator.useFileWriter(path) { writer -> - writer.openBlock( - "package struct IdentityProvidingSTSClient: \$N, \$N {", - "}", - AWSSDKIdentityTypes.IdentityProvidingSTSClient, - SwiftTypes.Protocols.Sendable, - ) { - writer.write("package init() {}") - writer.write("") - writer.openBlock( - "package func assumeRoleWithCreds(creds: \$N, roleARN: String, roleSessionName: String, durationSeconds: \$N, credentialFeatureIDs: [String]) async throws -> \$N {", - "}", - AWSSDKIdentityTypes.AWSCredentialIdentity, - FoundationTypes.TimeInterval, - AWSSDKIdentityTypes.AWSCredentialIdentity, - ) { - writer.write("let stsConfig = try await STSClient.STSClientConfiguration()") - writer.write( - 
"stsConfig.awsCredentialIdentityResolver = \$N(creds)", - SmithyIdentityTypes.StaticAWSCredentialIdentityResolver, - ) - writer.write("let sts = STSClient(config: stsConfig)") - writer.write( - "let out = try await sts.assumeRole(input: AssumeRoleInput(durationSeconds: " + - "Int(durationSeconds), roleArn: roleARN, roleSessionName: roleSessionName))", - ) - writer.openBlock( - "guard let creds = out.credentials, let accessKey = creds.accessKeyId, let secretKey = creds.secretAccessKey else {", - "}", - ) { - writer.write( - "throw \$N.failedToResolveAWSCredentials(\"STSAssumeRoleAWSCredentialIdentityResolver:" + - "Failed to retrieve credentials from STS with assume role.\")", - AWSSDKIdentityTypes.AWSCredentialIdentityResolverError, - ) - } - writer.write("var properties = \$N()", SmithyTypes.Attributes) - writer.write( - "if credentialFeatureIDs.last == \$N.CREDENTIALS_STS_ASSUME_ROLE.rawValue {", - AWSSDKIdentityTypes.CredentialFeatureID, - ) - writer.indent() - writer.write( - "properties.set(key: \$N.credentialFeatureIDs, value: credentialFeatureIDs)", - AWSSDKIdentityTypes.AWSIdentityPropertyKeys, - ) - writer.dedent() - writer.write("} else {") - writer.indent() - writer.write( - "properties.set(key: \$N.credentialFeatureIDs, value: credentialFeatureIDs + [\$N.CREDENTIALS_STS_ASSUME_ROLE.rawValue])", - AWSSDKIdentityTypes.AWSIdentityPropertyKeys, - AWSSDKIdentityTypes.CredentialFeatureID, - ) - writer.dedent() - writer.write("}") - writer.write( - "return AWSCredentialIdentity(accessKey: accessKey, secret: secretKey, " + - "expiration: creds.expiration, sessionToken: creds.sessionToken, properties: properties)", - ) - } - writer.write("") - writer.openBlock( - "package func getCredentialsWithWebIdentity(region: String, roleARN: String, " + - "roleSessionName: String, webIdentityToken: String, credentialFeatureIDs: [String]) async throws -> \$N {", - "}", - AWSSDKIdentityTypes.AWSCredentialIdentity, - ) { - writer.write("let stsConfig = try await 
STSClient.STSClientConfiguration(region: region)") - writer.write( - "stsConfig.addInterceptorProvider(\$N(featureIDsToAdd: credentialFeatureIDs))", - AWSSDKIdentityTypes.CredentialFeatureIDInterceptorProvider, - ) - writer.write("let sts = STSClient(config: stsConfig)") - writer.write("var out: AssumeRoleWithWebIdentityOutput") - writer.write("do {") - writer.indent() - writer.openBlock( - "out = try await sts.assumeRoleWithWebIdentity(input: AssumeRoleWithWebIdentityInput(", - "))", - ) { - writer.write("roleArn: roleARN, roleSessionName: roleSessionName, webIdentityToken: webIdentityToken") - } - writer.dedent() - writer.write("} catch is ExpiredTokenException {") - writer.indent() - writer.write("throw \$N.expiredTokenException", AWSSDKIdentityTypes.IdentityProvidingSTSClientError) - writer.dedent() - writer.write("} catch is IDPCommunicationErrorException {") - writer.indent() - writer.write("throw \$N.idpCommunicationErrorException", AWSSDKIdentityTypes.IdentityProvidingSTSClientError) - writer.dedent() - writer.write("} catch {") - writer.indent() - writer.openBlock( - "throw \$N.failedToResolveAWSCredentials(", - ")", - AWSSDKIdentityTypes.AWSCredentialIdentityResolverError, - ) { - writer.write( - "\"STSWebIdentityAWSCredentialIdentityResolver: " + - "Failed to retrieve credentials from STS with web identity token.\"", - ) - } - writer.dedent() - writer.write("}") - - writer.openBlock( - "guard let creds = out.credentials, let access = creds.accessKeyId, " + - "let secret = creds.secretAccessKey else {", - "}", - ) { - writer.openBlock( - "throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials(", - ")", - ) { - writer.write( - "\"STSWebIdentityAWSCredentialIdentityResolver: " + - "Failed to retrieve credentials from STS with web identity token.\"", - ) - } - } - - writer.write("var properties = \$N()", SmithyTypes.Attributes) - writer.write( - "properties.set(key: \$N.credentialFeatureIDs, value: credentialFeatureIDs + 
[\$N.CREDENTIALS_STS_ASSUME_ROLE_WEB_ID.rawValue])", - AWSSDKIdentityTypes.AWSIdentityPropertyKeys, - AWSSDKIdentityTypes.CredentialFeatureID, - ) - writer.openBlock( - "return AWSCredentialIdentity(", - ")", - ) { - writer.write( - "accessKey: access, secret: secret, " + - "expiration: creds.expiration, sessionToken: creds.sessionToken, properties: properties", - ) - } - } - } - } - } -} diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/InternalModelIntegration.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/InternalModelIntegration.kt index 644d6f0f229..8a6da6a76d8 100644 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/InternalModelIntegration.kt +++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/credentialresolverservices/InternalModelIntegration.kt @@ -25,7 +25,7 @@ class InternalModelIntegration : SwiftIntegration { override fun enabledForService( model: Model, settings: SwiftSettings, - ): Boolean = settings.visibility == "internal" + ): Boolean = settings.internalClient override fun preprocessModel( model: Model?, diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/s3/S3ExpressIntegration.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/s3/S3ExpressIntegration.kt index 0dec67385c1..fa1aed3c4e4 100644 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/s3/S3ExpressIntegration.kt +++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/customization/s3/S3ExpressIntegration.kt 
@@ -1,5 +1,6 @@ package software.amazon.smithy.aws.swift.codegen.customization.s3 +import software.amazon.smithy.aws.swift.codegen.swiftmodules.AWSSDKIdentityAPITypes import software.amazon.smithy.aws.swift.codegen.swiftmodules.AWSSDKIdentityTypes import software.amazon.smithy.codegen.core.Symbol import software.amazon.smithy.model.Model @@ -42,7 +43,7 @@ class S3ExpressIntegration : SwiftIntegration { "}", ClientRuntimeTypes.Core.DefaultClientConfiguration, SwiftTypes.String, - AWSSDKIdentityTypes.S3ExpressIdentity, + AWSSDKIdentityAPITypes.S3ExpressIdentity, ) { writer.openBlock( "guard let config = clientConfig as? S3Client.Config else {", @@ -56,7 +57,7 @@ class S3ExpressIntegration : SwiftIntegration { writer.write( "guard let creds = output.credentials, let accessKeyID = creds.accessKeyId, let secretAccessKey = creds.secretAccessKey, let sessionToken = creds.sessionToken else { fatalError() }", ) - writer.openBlock("return \$N(", ")", AWSSDKIdentityTypes.S3ExpressIdentity) { + writer.openBlock("return \$N(", ")", AWSSDKIdentityAPITypes.S3ExpressIdentity) { writer.write("accessKeyID: accessKeyID,") writer.write("secretAccessKey: secretAccessKey,") writer.write("sessionToken: sessionToken,") @@ -79,7 +80,7 @@ class S3ExpressClientConfiguration : ClientConfiguration { setOf( ConfigProperty( "s3ExpressIdentityResolver", - AWSSDKIdentityTypes.S3ExpressIdentityResolver.toGeneric(), + AWSSDKIdentityAPITypes.S3ExpressIdentityResolver.toGeneric(), DefaultProvider({ it.format("\$N()", AWSSDKIdentityTypes.DefaultS3ExpressIdentityResolver) }, false, false), ), ) diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/plugins/DefaultAWSAuthSchemePlugin.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/plugins/DefaultAWSAuthSchemePlugin.kt index 32c72b411fb..7cdc210b144 100644 
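Review bot: The generated guard just above the changed `return` in the `@@ -56,7 +57,7 @@` hunk still ends in `else { fatalError() }`, so an output whose `credentials` lack an access key, secret or session token terminates the host process instead of surfacing an error to the caller. Since this generated function is being touched anyway, the else branch could throw instead. The codegen already declares a symbol for `S3ExpressClientError`, but its cases are not visible here, so the exact error to throw needs confirming. The enclosing `writer.openBlock` starts outside the hunk, so whether the generated function is declared `throws` is assumed rather than shown.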
--- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/plugins/DefaultAWSAuthSchemePlugin.kt +++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/plugins/DefaultAWSAuthSchemePlugin.kt @@ -45,10 +45,17 @@ class DefaultAWSAuthSchemePlugin( "Default${AuthSchemeResolverGenerator.getSdkId(ctx)}AuthSchemeResolver()", ) writer.write("config.authSchemes = \$L", AWSAuthUtils(ctx).getModeledAuthSchemesSupportedBySDK(ctx, writer)) - writer.write( - "config.awsCredentialIdentityResolver = \$N()", - AWSSDKIdentityTypes.DefaultAWSCredentialIdentityResolverChain, - ) + if (ctx.settings.internalClient) { + writer.write( + "config.awsCredentialIdentityResolver = \$N()", + SmithyIdentityTypes.StaticAWSCredentialIdentityResolver, + ) + } else { + writer.write( + "config.awsCredentialIdentityResolver = \$N()", + AWSSDKIdentityTypes.DefaultAWSCredentialIdentityResolverChain, + ) + } if (AuthUtils(ctx).isSupportedAuthScheme(HttpBearerAuthTrait.ID)) { writer.write( "config.bearerTokenIdentityResolver = try \$N()", @@ -56,9 +63,8 @@ class DefaultAWSAuthSchemePlugin( ) } else { writer.write( - "config.bearerTokenIdentityResolver = \$N(token: \$N(token: \"\"))", + "config.bearerTokenIdentityResolver = \$N()", SmithyIdentityTypes.StaticBearerTokenIdentityResolver, - SmithyIdentityTypes.BearerTokenIdentity, ) } } diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/AWSSDKIdentityAPITypes.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/AWSSDKIdentityAPITypes.kt new file mode 100644 index 00000000000..2e9ca2b519c --- /dev/null +++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/AWSSDKIdentityAPITypes.kt 
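Review bot: In the `@@ -45,10 +45,17 @@` hunk, internal clients now get `config.awsCredentialIdentityResolver = StaticAWSCredentialIdentityResolver()` with no arguments, and nothing in the generated code says what identity that resolver yields or that the caller is expected to replace it. If the no-argument initializer produces empty or placeholder credentials (not visible here), an internal client whose caller forgets to set a resolver would sign requests with them rather than fail at resolution time. I would have the generator emit a comment above that line, e.g. `// Placeholder only: callers of internal clients must set awsCredentialIdentityResolver explicitly.`, and confirm that the default initializer fails closed. The `@@ -56,9 +63,8 @@` hunk has the same shape: `StaticBearerTokenIdentityResolver()` replaces the explicit `token: ""`, so the empty-token default is now implicit in the runtime type instead of visible in the generated config.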
@@ -0,0 +1,23 @@
+package software.amazon.smithy.aws.swift.codegen.swiftmodules
+
+import software.amazon.smithy.aws.swift.codegen.AWSSwiftDependency
+import software.amazon.smithy.codegen.core.Symbol
+import software.amazon.smithy.swift.codegen.SwiftDeclaration
+import software.amazon.smithy.swift.codegen.swiftmodules.SwiftSymbol
+
+object AWSSDKIdentityAPITypes {
+ val S3ExpressIdentity = runtimeSymbol("S3ExpressIdentity", SwiftDeclaration.STRUCT)
+ val S3ExpressIdentityResolver = runtimeSymbol("S3ExpressIdentityResolver", SwiftDeclaration.PROTOCOL)
+}
+
+private fun runtimeSymbol(
+ name: String,
+ declaration: SwiftDeclaration? = null,
+): Symbol =
+ SwiftSymbol.make(
+ name,
+ declaration,
+ AWSSwiftDependency.AWS_SDK_IDENTITY_API,
+ emptyList(),
+ emptyList(),
+ )
diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/AWSSDKIdentityTypes.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/AWSSDKIdentityTypes.kt
index 967371d274d..09e3e25fb0e 100644
--- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/AWSSDKIdentityTypes.kt
+++ b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/AWSSDKIdentityTypes.kt
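Review bot: `AWSSDKIdentityAPITypes` has no KDoc saying which runtime module its symbols resolve to, or why `S3ExpressIdentity` and `S3ExpressIdentityResolver` live here rather than in `AWSSDKIdentityTypes`. A one-line header such as `/** Symbols declared in the AWSSDKIdentityAPI runtime module (AWSSwiftDependency.AWS_SDK_IDENTITY_API). */` would keep later additions from landing in the wrong object and pulling the heavier identity module into generated code. The private `runtimeSymbol` helper also duplicates the one in AWSSDKIdentityTypes.kt apart from the dependency constant and the `spiNames` parameter that this commit adds there; a shared helper taking the dependency as an argument would stop the two from drifting.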
@@ -6,18 +6,17 @@ import software.amazon.smithy.swift.codegen.SwiftDeclaration import software.amazon.smithy.swift.codegen.swiftmodules.SwiftSymbol object AWSSDKIdentityTypes { - val DefaultBearerTokenIdentityResolverChain = runtimeSymbol("DefaultBearerTokenIdentityResolverChain", SwiftDeclaration.STRUCT) + val DefaultBearerTokenIdentityResolverChain = + runtimeSymbol( + "DefaultBearerTokenIdentityResolverChain", + SwiftDeclaration.STRUCT, + spiNames = listOf("ClientConfigDefaultIdentityResolver"), + ) val DefaultS3ExpressIdentityResolver = runtimeSymbol("DefaultS3ExpressIdentityResolver", SwiftDeclaration.CLASS) - val S3ExpressIdentity = runtimeSymbol("S3ExpressIdentity", SwiftDeclaration.STRUCT) - val S3ExpressIdentityResolver = runtimeSymbol("S3ExpressIdentityResolver", SwiftDeclaration.PROTOCOL) val S3ExpressCreateSessionClient = runtimeSymbol("S3ExpressCreateSessionClient", SwiftDeclaration.PROTOCOL) val S3ExpressClientError = runtimeSymbol("S3ExpressClientError", SwiftDeclaration.ENUM) val AWSIdentityPropertyKeys = runtimeSymbol("AWSIdentityPropertyKeys", SwiftDeclaration.ENUM) val DefaultAWSCredentialIdentityResolverChain = runtimeSymbol("DefaultAWSCredentialIdentityResolverChain", SwiftDeclaration.CLASS) - val InternalClientKeys = runtimeSymbol("InternalClientKeys", SwiftDeclaration.ENUM) - val IdentityProvidingSTSClient = runtimeSymbol("IdentityProvidingSTSClient", SwiftDeclaration.PROTOCOL) - val IdentityProvidingSSOClient = runtimeSymbol("IdentityProvidingSSOClient", SwiftDeclaration.PROTOCOL) - val IdentityProvidingSSOOIDCClient = runtimeSymbol("IdentityProvidingSSOOIDCClient", SwiftDeclaration.PROTOCOL) val AWSCredentialIdentityResolverError = runtimeSymbol("AWSCredentialIdentityResolverError", SwiftDeclaration.ENUM) val IdentityProvidingSTSClientError = runtimeSymbol("IdentityProvidingSTSClientError", SwiftDeclaration.ENUM) val AWSCredentialIdentity = runtimeSymbol("AWSCredentialIdentity", SwiftDeclaration.STRUCT) 
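Review bot: `spiNames = listOf("ClientConfigDefaultIdentityResolver")` is attached only to `DefaultBearerTokenIdentityResolverChain`, with no comment on what the SPI name gates or why `DefaultAWSCredentialIdentityResolverChain`, declared a few lines below and also written into generated config by DefaultAWSAuthSchemePlugin, does not carry it. If the asymmetry is intended, a short comment above the declaration would record it, e.g. `// Only the bearer-token chain is imported under the ClientConfigDefaultIdentityResolver SPI; see the runtime declaration.`. If it is not intended, the credential chain presumably needs the same argument. The object body continues past the end of this hunk, so other symbols may already cover this.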
@@ -28,11 +27,12 @@ object AWSSDKIdentityTypes { private fun runtimeSymbol( name: String, declaration: SwiftDeclaration? = null, + spiNames: List = listOf(), ): Symbol = SwiftSymbol.make( name, declaration, AWSSwiftDependency.AWS_SDK_IDENTITY, emptyList(), - emptyList(), + spiNames, ) diff --git a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/InternalClientTypes.kt b/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/InternalClientTypes.kt deleted file mode 100644 index e3c8a02cba4..00000000000 --- a/codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/swiftmodules/InternalClientTypes.kt +++ /dev/null @@ -1,41 +0,0 @@ -package software.amazon.smithy.aws.swift.codegen.swiftmodules - -import software.amazon.smithy.aws.swift.codegen.AWSSwiftDependency -import software.amazon.smithy.codegen.core.Symbol -import software.amazon.smithy.swift.codegen.SwiftDeclaration -import software.amazon.smithy.swift.codegen.SwiftDependency -import software.amazon.smithy.swift.codegen.swiftmodules.SwiftSymbol - -object InternalClientTypes { - val IdentityProvidingSTSClient = - runtimeSymbol( - "IdentityProvidingSTSClient", - SwiftDeclaration.STRUCT, - AWSSwiftDependency.INTERNAL_AWS_STS, - ) - val IdentityProvidingSSOClient = - runtimeSymbol( - "IdentityProvidingSSOClient", - SwiftDeclaration.STRUCT, - AWSSwiftDependency.INTERNAL_AWS_SSO, - ) - val IdentityProvidingSSOOIDCClient = - runtimeSymbol( - "IdentityProvidingSSOOIDCClient", - SwiftDeclaration.STRUCT, - AWSSwiftDependency.INTERNAL_AWS_SSO_OIDC, - ) -} - -private fun runtimeSymbol( - name: String, - declaration: SwiftDeclaration? = null, - module: SwiftDependency, -): Symbol = - SwiftSymbol.make( - name, - declaration, - module, - emptyList(), - emptyList(), - ) 
diff --git a/codegen/smithy-aws-swift-codegen/src/main/resources/META-INF/services/software.amazon.smithy.swift.codegen.integration.SwiftIntegration b/codegen/smithy-aws-swift-codegen/src/main/resources/META-INF/services/software.amazon.smithy.swift.codegen.integration.SwiftIntegration index 68e6e74c88e..a6080556639 100644 --- a/codegen/smithy-aws-swift-codegen/src/main/resources/META-INF/services/software.amazon.smithy.swift.codegen.integration.SwiftIntegration +++ b/codegen/smithy-aws-swift-codegen/src/main/resources/META-INF/services/software.amazon.smithy.swift.codegen.integration.SwiftIntegration @@ -31,6 +31,3 @@ software.amazon.smithy.swift.codegen.protocols.rpcv2cbor.CborValidateResponseHea software.amazon.smithy.aws.swift.codegen.customization.rds.AuthTokenGeneratorIntegration software.amazon.smithy.aws.swift.codegen.customization.dsql.AuthTokenGeneratorIntegration software.amazon.smithy.aws.swift.codegen.customization.credentialresolverservices.InternalModelIntegration -software.amazon.smithy.aws.swift.codegen.customization.credentialresolverservices.IdentityProvidingSTSClientIntegration -software.amazon.smithy.aws.swift.codegen.customization.credentialresolverservices.IdentityProvidingSSOClientIntegration -software.amazon.smithy.aws.swift.codegen.customization.credentialresolverservices.IdentityProvidingSSOOIDCClientIntegration diff --git a/codegen/smithy-aws-swift-codegen/src/test/kotlin/software/amazon/smithy/aws/swift/codegen/customizations/RulesBasedAuthSchemeResolverGeneratorTests.kt b/codegen/smithy-aws-swift-codegen/src/test/kotlin/software/amazon/smithy/aws/swift/codegen/customizations/RulesBasedAuthSchemeResolverGeneratorTests.kt index 69c00e2d103..0bcd20c68bf 100644 --- a/codegen/smithy-aws-swift-codegen/src/test/kotlin/software/amazon/smithy/aws/swift/codegen/customizations/RulesBasedAuthSchemeResolverGeneratorTests.kt 
+++ b/codegen/smithy-aws-swift-codegen/src/test/kotlin/software/amazon/smithy/aws/swift/codegen/customizations/RulesBasedAuthSchemeResolverGeneratorTests.kt 
@@ -41,51 +41,27 @@ private struct InternalModeledS3AuthSchemeResolver: S3AuthSchemeResolver { switch serviceParams.operation { case "onlyHttpApiKeyAuth": var httpApiKeyAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#httpApiKeyAuth") - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(httpApiKeyAuthOption) case "onlyHttpApiKeyAuthOptional": var httpApiKeyAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#httpApiKeyAuth") - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(httpApiKeyAuthOption) validAuthOptions.append(SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#noAuth")) case "onlyHttpBearerAuth": var httpBearerAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#httpBearerAuth") - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - 
httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(httpBearerAuthOption) case "onlyHttpBearerAuthOptional": var httpBearerAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#httpBearerAuth") - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(httpBearerAuthOption) validAuthOptions.append(SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#noAuth")) case "onlyHttpApiKeyAndBearerAuth": var httpApiKeyAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#httpApiKeyAuth") - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(httpApiKeyAuthOption) var httpBearerAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#httpBearerAuth") - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: 
InternalAWSSSO.IdentityProvidingSSOClient()) - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(httpBearerAuthOption) case "onlyHttpApiKeyAndBearerAuthReversed": var httpBearerAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#httpBearerAuth") - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - httpBearerAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(httpBearerAuthOption) var httpApiKeyAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#httpApiKeyAuth") - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - httpApiKeyAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(httpApiKeyAuthOption) case "onlySigv4Auth": var sigv4Option = SmithyHTTPAuthAPI.AuthOption(schemeID: "aws.auth#sigv4") 
@@ -94,9 +70,6 @@ private struct InternalModeledS3AuthSchemeResolver: S3AuthSchemeResolver { throw Smithy.ClientError.authError("Missing region in auth scheme parameters for SigV4 auth scheme.") } sigv4Option.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingRegion, value: region) - sigv4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - sigv4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - sigv4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(sigv4Option) case "onlySigv4AuthOptional": var sigv4Option = SmithyHTTPAuthAPI.AuthOption(schemeID: "aws.auth#sigv4") 
@@ -105,22 +78,13 @@ private struct InternalModeledS3AuthSchemeResolver: S3AuthSchemeResolver { throw Smithy.ClientError.authError("Missing region in auth scheme parameters for SigV4 auth scheme.") } sigv4Option.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingRegion, value: region) - sigv4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - sigv4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - sigv4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(sigv4Option) validAuthOptions.append(SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#noAuth")) case "onlyCustomAuth": var customAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "com.test#customAuth") - customAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - customAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - customAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(customAuthOption) case "onlyCustomAuthOptional": var customAuthOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "com.test#customAuth") - customAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - customAuthOption.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - customAuthOption.identityProperties.set(key: 
AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(customAuthOption) validAuthOptions.append(SmithyHTTPAuthAPI.AuthOption(schemeID: "smithy.api#noAuth")) default: @@ -130,9 +94,6 @@ private struct InternalModeledS3AuthSchemeResolver: S3AuthSchemeResolver { throw Smithy.ClientError.authError("Missing region in auth scheme parameters for SigV4 auth scheme.") } sigv4Option.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingRegion, value: region) - sigv4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - sigv4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - sigv4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(sigv4Option) } return self.reprioritizeAuthOptions(authSchemePreference: serviceParams.authSchemePreference, authOptions: validAuthOptions) 
@@ -162,17 +123,11 @@ public struct DefaultS3AuthSchemeResolver: S3AuthSchemeResolver { var sigV4Option = SmithyHTTPAuthAPI.AuthOption(schemeID: "aws.auth#sigv4") sigV4Option.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingName, value: param.signingName) sigV4Option.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingRegion, value: param.signingRegion) - sigV4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - sigV4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - sigV4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(sigV4Option) case .sigV4A(let param): var sigV4Option = SmithyHTTPAuthAPI.AuthOption(schemeID: "aws.auth#sigv4a") sigV4Option.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingName, value: param.signingName) sigV4Option.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingRegion, value: param.signingRegionSet?[0]) - sigV4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSTSClientKey, value: InternalAWSSTS.IdentityProvidingSTSClient()) - sigV4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOClientKey, value: InternalAWSSSO.IdentityProvidingSSOClient()) - sigV4Option.identityProperties.set(key: AWSSDKIdentity.InternalClientKeys.internalSSOOIDCClientKey, value: InternalAWSSSOOIDC.IdentityProvidingSSOOIDCClient()) validAuthOptions.append(sigV4Option) case .sigV4S3Express(let param): var authOption = SmithyHTTPAuthAPI.AuthOption(schemeID: "aws.auth#sigv4-s3express")