Skip to content

chore: Refactor internal clients #1995

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 24 commits into from
Aug 4, 2025
Merged

chore: Refactor internal clients #1995

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
16c3304
fix: Inject identity clients into credential resolvers at creation
jbelkins Jul 30, 2025
6e3b7ad
Drop interfaces on internal clients
jbelkins Jul 30, 2025
cccac6c
chore: Refactor internal clients
jbelkins Jul 30, 2025
8c55a43
Cleanup Package.base
jbelkins Jul 30, 2025
ea31cca
Fix codegen tests
jbelkins Jul 30, 2025
0d6a278
Cleanup
jbelkins Jul 30, 2025
b4a2860
Move S3Express interfaces to API module, Revert other S3Express changes
jbelkins Jul 31, 2025
af96db1
Fix codegen for S3 Express, Fix AWSSSDKEventStreamsAuth path
jbelkins Jul 31, 2025
f3a7201
Fix integration tests
jbelkins Jul 31, 2025
3d2780c
Merge branch 'main' into jbe/identity_client_inject
jbelkins Jul 31, 2025
f02902d
Publish AWSSDKIdentityAPI
jbelkins Jul 31, 2025
e173cce
Fix AWSSDKHTTPAuth deps
jbelkins Jul 31, 2025
be5269d
Disable broken Bedrock API key test
jbelkins Jul 31, 2025
f66280b
Identify user-set bearer token resolvers
jbelkins Jul 31, 2025
7d5882a
Add internalClient field to SwiftSettings
jbelkins Jul 31, 2025
99fd8b1
Include internalClient in smithy build JSON
jbelkins Jul 31, 2025
c62007a
Merge branch 'main' into jbe/identity_client_inject
jbelkins Jul 31, 2025
85189f3
Typealias S3 types at their original locations
jbelkins Jul 31, 2025
39b780f
Remove references to S3 Express in AWSSDKIdentity
jbelkins Jul 31, 2025
fe88170
Merge branch 'main' into jbe/identity_client_inject
jbelkins Aug 1, 2025
bcfc791
Use new SPI extensions on static resolvers
jbelkins Aug 4, 2025
ae91bf1
Merge branch 'main' into jbe/identity_client_inject
jbelkins Aug 4, 2025
b281baa
Fix ktlint
jbelkins Aug 4, 2025
fe81170
Cleanup
jbelkins Aug 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 16 additions & 14 deletions AWSSDKSwiftCLI/Sources/AWSSDKSwiftCLI/Resources/Package.Base.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ extension Target.Dependency {
static var awsSDKEventStreamsAuth: Self { "AWSSDKEventStreamsAuth" }
static var awsSDKHTTPAuth: Self { "AWSSDKHTTPAuth" }
static var awsSDKIdentity: Self { "AWSSDKIdentity" }
static var awsSDKIdentityAPI: Self { "AWSSDKIdentityAPI" }
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added this package for identity-related things that aren't credential resolvers.

Right now this is only the S3 Express identity & identity resolver, but this broke a dependency between AWSSDKHTTPAuth & AWSSDKIdentity that was needed to eliminate circular dependencies on the internal clients.

static var awsSDKChecksums: Self { "AWSSDKChecksums" }
static var awsSDKPartitions: Self { "AWSSDKPartitions" }

Expand Down Expand Up @@ -59,7 +60,7 @@ let package = Package(
// MARK: Products

private var runtimeProducts: [Product] {
["AWSClientRuntime", "AWSSDKCommon", "AWSSDKEventStreamsAuth", "AWSSDKHTTPAuth", "AWSSDKIdentity", "AWSSDKChecksums"]
["AWSClientRuntime", "AWSSDKCommon", "AWSSDKEventStreamsAuth", "AWSSDKHTTPAuth", "AWSSDKIdentityAPI", "AWSSDKIdentity", "AWSSDKChecksums"]
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AWSSDKIdentityAPI is published for use by customers (if they customize S3 Express) and in tests.

.map { .library(name: $0, targets: [$0]) }
}

Expand Down Expand Up @@ -105,6 +106,7 @@ private var runtimeTargets: [Target] {
dependencies: [
.crt,
.clientRuntime,
.smithyIdentity,
.smithyRetriesAPI,
.smithyRetries,
.awsSDKCommon,
Expand All @@ -120,21 +122,26 @@ private var runtimeTargets: [Target] {
.target(
name: "AWSSDKCommon",
dependencies: [.crt],
path: "Sources/Core/AWSSDKCommon/Sources"
path: "Sources/Core/AWSSDKCommon/Sources/AWSSDKCommon"
),
.target(
name: "AWSSDKEventStreamsAuth",
dependencies: [.smithyEventStreamsAPI, .smithyEventStreamsAuthAPI, .smithyEventStreams, .crt, .clientRuntime, "AWSSDKHTTPAuth"],
path: "Sources/Core/AWSSDKEventStreamsAuth/Sources"
path: "Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth"
),
.target(
name: "AWSSDKHTTPAuth",
dependencies: [.crt, .smithy, .clientRuntime, .smithyHTTPAuth, "AWSSDKChecksums", "AWSSDKIdentity"],
path: "Sources/Core/AWSSDKHTTPAuth/Sources"
dependencies: [.crt, .smithy, .clientRuntime, .smithyHTTPAuth, .awsSDKIdentityAPI, "AWSSDKChecksums"],
path: "Sources/Core/AWSSDKHTTPAuth/Sources/AWSSDKHTTPAuth"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Switched the AWSSDKHTTPAuth dependency from AWSSDKIdentity to the new AWSSDKIdentityAPI.

This breaks a AWSSDKIdentity -> InternalAWSClient -> AWSSDKHTTPAuth -> AWSSDKIdentity circular dependency.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Q: Where was AWSSDKIdentity dependent on internal clients?

Oh, I see that AWSSDKIdentity -> internal client dependency was introduced in this PR to allow credential resolvers to instantiate internal clients directly 👍

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exactly

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be clear, the "circular dependencies" I refer to are those created by adding the internal AWS clients as dependencies of AWSSDKIdentity, before making the changes in this PR to break them.

),
.target(
name: "AWSSDKIdentityAPI",
dependencies: [.smithy, .smithyIdentityAPI],
path: "Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI"
),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new AWSSDKIdentityAPI target above depends only on Smithy API modules.

.target(
name: "AWSSDKIdentity",
dependencies: [.crt, .smithy, .clientRuntime, .smithyIdentity, .smithyIdentityAPI, .smithyHTTPAPI, .awsSDKCommon],
dependencies: [.awsSDKIdentityAPI, .crt, .smithy, .clientRuntime, .smithyIdentity, .smithyIdentityAPI, .smithyHTTPAPI, .awsSDKCommon, "InternalAWSSTS", "InternalAWSSSO", "InternalAWSSSOOIDC", ],
path: "Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity"
),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AWSSDKIdentity now depends on AWSSDKIdentityAPI, and also depends directly on the 3 internal clients. This is no longer a circular dependency because the internal clients don't depend on AWSSDKIdentity.

This also allows us to get rid of almost all of the boiler plate and code generation that we used to use to allow identity resolvers to access these clients, since they're now direct dependencies.

.target(
Expand All @@ -154,7 +161,6 @@ private var runtimeTargets: [Target] {
.smithyChecksums,
.smithyWaitersAPI,
.awsSDKCommon,
.awsSDKIdentity,
.awsSDKHTTPAuth,
.awsSDKEventStreamsAuth,
.awsSDKChecksums,
Expand All @@ -178,7 +184,6 @@ private var runtimeTargets: [Target] {
.smithyChecksums,
.smithyWaitersAPI,
.awsSDKCommon,
.awsSDKIdentity,
.awsSDKHTTPAuth,
.awsSDKEventStreamsAuth,
.awsSDKChecksums,
Expand All @@ -202,7 +207,6 @@ private var runtimeTargets: [Target] {
.smithyChecksums,
.smithyWaitersAPI,
.awsSDKCommon,
.awsSDKIdentity,
.awsSDKHTTPAuth,
.awsSDKEventStreamsAuth,
.awsSDKChecksums,
Expand All @@ -226,7 +230,7 @@ private var runtimeTestTargets: [Target] {
return [
.testTarget(
name: "AWSClientRuntimeTests",
dependencies: [.awsClientRuntime, .clientRuntime, .smithyTestUtils, .awsSDKCommon],
dependencies: [.awsClientRuntime, .clientRuntime, .smithyTestUtils, .awsSDKCommon, .awsSDKIdentity],
path: "Sources/Core/AWSClientRuntime/Tests/AWSClientRuntimeTests",
resources: [.process("Resources")]
),
Expand All @@ -242,7 +246,7 @@ private var runtimeTestTargets: [Target] {
),
.testTarget(
name: "AWSSDKIdentityTests",
dependencies: [.smithy, .smithyIdentity, "AWSSDKIdentity", .awsClientRuntime],
dependencies: ["AWSSDKIdentity", .smithy, .smithyIdentity, .awsClientRuntime],
path: "Sources/Core/AWSSDKIdentity/Tests/AWSSDKIdentityTests",
resources: [.process("Resources")]
),
Expand All @@ -267,13 +271,11 @@ private func target(_ service: String) -> Target {
.smithyChecksums,
.smithyWaitersAPI,
.awsSDKCommon,
.awsSDKIdentityAPI,
.awsSDKIdentity,
.awsSDKHTTPAuth,
.awsSDKEventStreamsAuth,
.awsSDKChecksums,
"InternalAWSSTS",
"InternalAWSSSO",
"InternalAWSSSOOIDC",
Copy link
Contributor Author

@jbelkins jbelkins Jul 31, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The 3 internal clients are removed since they are not direct dependencies of the client (they are still linked though, as dependencies of AWSSDKIdentity.)

],
path: "Sources/Services/\(service)/Sources/\(service)"
)
Expand Down
2 changes: 2 additions & 0 deletions IntegrationTests/Package.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ extension Target.Dependency {
// AWS modules
static var awsClientRuntime: Self { .product(name: "AWSClientRuntime", package: "aws-sdk-swift") }
static var awsSDKCommon: Self { .product(name: "AWSSDKCommon", package: "aws-sdk-swift") }
static var awsSDKIdentityAPI: Self { .product(name: "AWSSDKIdentityAPI", package: "aws-sdk-swift") }
static var awsSDKIdentity: Self { .product(name: "AWSSDKIdentity", package: "aws-sdk-swift") }

// Smithy modules
Expand Down Expand Up @@ -104,6 +105,7 @@ private func integrationTestTarget(_ name: String) -> Target {
.awsClientRuntime,
.smithyTestUtil,
.awsSDKIdentity,
.awsSDKIdentityAPI,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AWSSDKIdentityAPI is added as a dependency of the integration test targets, so its types may be accessed in tests.

.smithyIdentity,
.awsSDKCommon,
.awsIntegrationTestUtils,
Expand Down
2 changes: 1 addition & 1 deletion IntegrationTests/Services/AWSBedrockRuntimeIntegrationTests/BedrockAPIKeyTests.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ final class BedrockAPIKeyIntegrationTests: XCTestCase {
let envVarName = "AWS_BEARER_TOKEN_BEDROCK"
let apiKeyDuration: TimeInterval = 600.0

func xtest_apiKey_createsAPIKeyAndCallsWithIt() async throws {
func test_apiKey_createsAPIKeyAndCallsWithIt() async throws {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Re-enabling this integration test; it's the one which was causing problems on systems that assume a role before testing.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW I re-ran this test on the internal build system, it now passes after the refactor.

// Set a Bedrock API token into the environment.
let generator = BedrockAPIKeyGenerator(region: region, duration: apiKeyDuration)
let token = try await generator.generate()
Expand Down
3 changes: 2 additions & 1 deletion IntegrationTests/Services/AWSS3IntegrationTests/S3ExpressConfigTests.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import SmithyHTTPAPI
import SmithyHTTPAuthAPI
import SmithyTestUtil
import AWSSDKIdentity
import AWSSDKIdentityAPI
import AWSSDKHTTPAuth

// These tests confirm that the disableS3ExpressSessionAuth option
Expand Down Expand Up @@ -146,7 +147,7 @@ class CheckSelectedAuthSchemeProvider: HttpInterceptorProvider {
// CreateSession call before the GetObject.
private actor MockS3ExpressIdentityResolver: S3ExpressIdentityResolver {

func getIdentity(identityProperties: Smithy.Attributes?) async throws -> AWSSDKIdentity.S3ExpressIdentity {
func getIdentity(identityProperties: Smithy.Attributes?) async throws -> S3ExpressIdentity {
return S3ExpressIdentity(
accessKeyID: "AKIAIOSFODNN7EXAMPLE",
secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
Expand Down
30 changes: 16 additions & 14 deletions Package.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -449,6 +449,7 @@ extension Target.Dependency {
static var awsSDKEventStreamsAuth: Self { "AWSSDKEventStreamsAuth" }
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For this file, see comments on Package.base.txt above

static var awsSDKHTTPAuth: Self { "AWSSDKHTTPAuth" }
static var awsSDKIdentity: Self { "AWSSDKIdentity" }
static var awsSDKIdentityAPI: Self { "AWSSDKIdentityAPI" }
static var awsSDKChecksums: Self { "AWSSDKChecksums" }
static var awsSDKPartitions: Self { "AWSSDKPartitions" }

Expand Down Expand Up @@ -499,7 +500,7 @@ let package = Package(
// MARK: Products

private var runtimeProducts: [Product] {
["AWSClientRuntime", "AWSSDKCommon", "AWSSDKEventStreamsAuth", "AWSSDKHTTPAuth", "AWSSDKIdentity", "AWSSDKChecksums"]
["AWSClientRuntime", "AWSSDKCommon", "AWSSDKEventStreamsAuth", "AWSSDKHTTPAuth", "AWSSDKIdentityAPI", "AWSSDKIdentity", "AWSSDKChecksums"]
.map { .library(name: $0, targets: [$0]) }
}

Expand Down Expand Up @@ -545,6 +546,7 @@ private var runtimeTargets: [Target] {
dependencies: [
.crt,
.clientRuntime,
.smithyIdentity,
.smithyRetriesAPI,
.smithyRetries,
.awsSDKCommon,
Expand All @@ -560,21 +562,26 @@ private var runtimeTargets: [Target] {
.target(
name: "AWSSDKCommon",
dependencies: [.crt],
path: "Sources/Core/AWSSDKCommon/Sources"
path: "Sources/Core/AWSSDKCommon/Sources/AWSSDKCommon"
),
.target(
name: "AWSSDKEventStreamsAuth",
dependencies: [.smithyEventStreamsAPI, .smithyEventStreamsAuthAPI, .smithyEventStreams, .crt, .clientRuntime, "AWSSDKHTTPAuth"],
path: "Sources/Core/AWSSDKEventStreamsAuth/Sources"
path: "Sources/Core/AWSSDKEventStreamsAuth/Sources/AWSSDKEventStreamsAuth"
),
.target(
name: "AWSSDKHTTPAuth",
dependencies: [.crt, .smithy, .clientRuntime, .smithyHTTPAuth, "AWSSDKChecksums", "AWSSDKIdentity"],
path: "Sources/Core/AWSSDKHTTPAuth/Sources"
dependencies: [.crt, .smithy, .clientRuntime, .smithyHTTPAuth, .awsSDKIdentityAPI, "AWSSDKChecksums"],
path: "Sources/Core/AWSSDKHTTPAuth/Sources/AWSSDKHTTPAuth"
),
.target(
name: "AWSSDKIdentityAPI",
dependencies: [.smithy, .smithyIdentityAPI],
path: "Sources/Core/AWSSDKIdentityAPI/Sources/AWSSDKIdentityAPI"
),
.target(
name: "AWSSDKIdentity",
dependencies: [.crt, .smithy, .clientRuntime, .smithyIdentity, .smithyIdentityAPI, .smithyHTTPAPI, .awsSDKCommon],
dependencies: [.awsSDKIdentityAPI, .crt, .smithy, .clientRuntime, .smithyIdentity, .smithyIdentityAPI, .smithyHTTPAPI, .awsSDKCommon, "InternalAWSSTS", "InternalAWSSSO", "InternalAWSSSOOIDC", ],
path: "Sources/Core/AWSSDKIdentity/Sources/AWSSDKIdentity"
),
.target(
Expand All @@ -594,7 +601,6 @@ private var runtimeTargets: [Target] {
.smithyChecksums,
.smithyWaitersAPI,
.awsSDKCommon,
.awsSDKIdentity,
.awsSDKHTTPAuth,
.awsSDKEventStreamsAuth,
.awsSDKChecksums,
Expand All @@ -618,7 +624,6 @@ private var runtimeTargets: [Target] {
.smithyChecksums,
.smithyWaitersAPI,
.awsSDKCommon,
.awsSDKIdentity,
.awsSDKHTTPAuth,
.awsSDKEventStreamsAuth,
.awsSDKChecksums,
Expand All @@ -642,7 +647,6 @@ private var runtimeTargets: [Target] {
.smithyChecksums,
.smithyWaitersAPI,
.awsSDKCommon,
.awsSDKIdentity,
.awsSDKHTTPAuth,
.awsSDKEventStreamsAuth,
.awsSDKChecksums,
Expand All @@ -666,7 +670,7 @@ private var runtimeTestTargets: [Target] {
return [
.testTarget(
name: "AWSClientRuntimeTests",
dependencies: [.awsClientRuntime, .clientRuntime, .smithyTestUtils, .awsSDKCommon],
dependencies: [.awsClientRuntime, .clientRuntime, .smithyTestUtils, .awsSDKCommon, .awsSDKIdentity],
path: "Sources/Core/AWSClientRuntime/Tests/AWSClientRuntimeTests",
resources: [.process("Resources")]
),
Expand All @@ -682,7 +686,7 @@ private var runtimeTestTargets: [Target] {
),
.testTarget(
name: "AWSSDKIdentityTests",
dependencies: [.smithy, .smithyIdentity, "AWSSDKIdentity", .awsClientRuntime],
dependencies: ["AWSSDKIdentity", .smithy, .smithyIdentity, .awsClientRuntime],
path: "Sources/Core/AWSSDKIdentity/Tests/AWSSDKIdentityTests",
resources: [.process("Resources")]
),
Expand All @@ -707,13 +711,11 @@ private func target(_ service: String) -> Target {
.smithyChecksums,
.smithyWaitersAPI,
.awsSDKCommon,
.awsSDKIdentityAPI,
.awsSDKIdentity,
.awsSDKHTTPAuth,
.awsSDKEventStreamsAuth,
.awsSDKChecksums,
"InternalAWSSTS",
"InternalAWSSSO",
"InternalAWSSSOOIDC",
],
path: "Sources/Services/\(service)/Sources/\(service)"
)
Expand Down
10 changes: 5 additions & 5 deletions ...e/AWSClientRuntime/Sources/AWSClientRuntime/Customizations/BedrockAPIKeyInterceptor.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@
//

import class Foundation.ProcessInfo
import struct AWSSDKIdentity.DefaultBearerTokenIdentityResolverChain
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This interceptor now looks for ClientConfigDefaultBearerTokenIdentityResolver (located in SmithyIdentity) instead of DefaultBearerTokenIdentityResolverChain (located in AWSSDKIdentity).

As a result, AWSClientRuntime no longer depends on AWSSDKIdentity, breaking this dependency cycle:
AWSSDKIdentity -> InternalClient -> AWSClientRuntime -> AWSSDKIdentity

import protocol ClientRuntime.Interceptor
import protocol ClientRuntime.AfterSerialization
import struct Smithy.Attributes
import struct Smithy.AttributeKey
import class SmithyHTTPAPI.HTTPRequest
import class SmithyHTTPAPI.HTTPResponse
@_spi(ClientConfigDefaultIdentityResolver) import protocol SmithyIdentityAPI.ClientConfigDefaultIdentityResolver
import protocol SmithyIdentity.BearerTokenIdentityResolver
import struct SmithyIdentity.BearerTokenIdentity
import struct SmithyIdentity.StaticBearerTokenIdentityResolver
Expand All @@ -37,10 +37,10 @@ public struct BedrockAPIKeyInterceptor<InputType, OutputType>: Interceptor {
// If so, return immediately & use that instead of the Bedrock API token.
let identityResolvers = attributes.getIdentityResolvers() ?? Attributes()
let key = AttributeKey<any BearerTokenIdentityResolver>(name: "smithy.api#httpBearerAuth")
guard !identityResolvers.contains(key: key) || identityResolvers.get(key: key) is
DefaultBearerTokenIdentityResolverChain else {
return
}
let configuredResolver = identityResolvers.get(key: key)
let clientConfigDefaultIdentityResolver = configuredResolver as? any ClientConfigDefaultIdentityResolver
let configuredResolverIsDefault = clientConfigDefaultIdentityResolver?.isClientConfigDefault ?? false
guard configuredResolver == nil || configuredResolverIsDefault else { return }

// Create a bearer token identity resolver with the resolved token, then
// store it in the context.
Expand Down
3 changes: 2 additions & 1 deletion ...entRuntime/Tests/AWSClientRuntimeTests/Customizations/BedrockAPIKeyInterceptorTests.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,8 @@ final class BedrockAPIKeyInterceptorTests: XCTestCase {
defer { unsetenv(envVarName) }
let subject = BedrockAPIKeyInterceptor<String, String>()
let context = Context(attributes: Attributes())
context.addIdentityResolver(value: try DefaultBearerTokenIdentityResolverChain(), schemeID: "smithy.api#httpBearerAuth")
let resolver = DefaultBearerTokenIdentityResolverChain()
context.addIdentityResolver(value: resolver, schemeID: "smithy.api#httpBearerAuth")
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The bearer token identity resolver is wrapped in a ClientConfigDefaultBearerTokenIdentityResolver to signify that it was not customer-supplied.

let interceptorContext = DefaultInterceptorContext<String, String, HTTPRequest, HTTPResponse>(input: "", attributes: context)

try await subject.readBeforeAttempt(context: interceptorContext)
Expand Down
0 ...DKEventStreamsAuth/AWSMessageSigner.swift → ...DKEventStreamsAuth/AWSMessageSigner.swift
View file
Open in desktop
File renamed without changes.
0 ...amsAuth/AWSSigV4Signer+EventStreams.swift → ...amsAuth/AWSSigV4Signer+EventStreams.swift
View file
Open in desktop
File renamed without changes.
0 ...amsAuth/Context+AWSEventStreamsAuth.swift → ...amsAuth/Context+AWSEventStreamsAuth.swift
View file
Open in desktop
File renamed without changes.
0 ...SDKEventStreamsAuth/Context+Signing.swift → ...SDKEventStreamsAuth/Context+Signing.swift
View file
Open in desktop
File renamed without changes.
0 ...SDKEventStreamsAuth/String+hexaData.swift → ...SDKEventStreamsAuth/String+hexaData.swift
View file
Open in desktop
File renamed without changes.
2 changes: 2 additions & 0 deletions Sources/Core/AWSSDKForSwift/Documentation.docc/AWSSDKForSwift.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,8 @@ This SDK is open-source. Code is available on Github [here](https://github.com/

[AWSSDKIdentity](../../../../../swift/api/awssdkidentity/latest)

[AWSSDKIdentityAPI](../../../../../swift/api/awssdkidentityapi/latest)

[AWSSDKPartitions](../../../../../swift/api/awssdkpartitions/latest)


Expand Down
2 changes: 1 addition & 1 deletion Sources/Core/AWSSDKHTTPAuth/Sources/AWSSDKHTTPAuth/AWSSigV4Signer.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
// SPDX-License-Identifier: Apache-2.0
//

import struct AWSSDKIdentity.S3ExpressIdentity
import struct AWSSDKIdentityAPI.S3ExpressIdentity
import class AwsCommonRuntimeKit.HTTPRequestBase
import class AwsCommonRuntimeKit.Signer
import class SmithyHTTPAPI.HTTPRequest
Expand Down
11 changes: 1 addition & 10 deletions ...rces/AWSSDKIdentity/AWSCredentialIdentityResolvers/SSOAWSCredentialIdentityResolver.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,15 +58,6 @@ public struct SSOAWSCredentialIdentityResolver: AWSCredentialIdentityResolver {
}

public func getIdentity(identityProperties: Attributes?) async throws -> AWSCredentialIdentity {
guard let identityProperties, let internalSSOClient = identityProperties.get(
key: InternalClientKeys.internalSSOClientKey
) else {
throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials(
"SSOAWSCredentialIdentityResolver: "
+ "Missing IdentityProvidingSSOClient in identity properties."
)
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to get the internal SSO client from identity properties anymore, since it can now be directly created by this type (just below).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same change made in the following identity resolvers.

let fileBasedConfig = try CRTFileBasedConfiguration(
configFilePath: configFilePath,
credentialsFilePath: credentialsFilePath
Expand Down Expand Up @@ -97,7 +88,7 @@ public struct SSOAWSCredentialIdentityResolver: AWSCredentialIdentityResolver {
)
}

return try await internalSSOClient.getCredentialsWithSSOToken(
return try await IdentityProvidingSSOClient().getCredentialsWithSSOToken(
region: region,
accessToken: ssoToken.token,
accountID: accountID,
Expand Down
11 changes: 1 addition & 10 deletions ...KIdentity/AWSCredentialIdentityResolvers/STSAssumeRoleAWSCredentialIdentityResolver.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,19 +48,10 @@ public struct STSAssumeRoleAWSCredentialIdentityResolver: AWSCredentialIdentityR
}

public func getIdentity(identityProperties: Attributes?) async throws -> AWSCredentialIdentity {
guard let identityProperties, let internalSTSClient = identityProperties.get(
key: InternalClientKeys.internalSTSClientKey
) else {
throw AWSCredentialIdentityResolverError.failedToResolveAWSCredentials(
"STSAssumeRoleAWSCredentialIdentityResolver: "
+ "Missing IdentityProvidingSTSClient in identity properties."
)
}

let underlyingCreds = try await awsCredentialIdentityResolver.getIdentity(
identityProperties: identityProperties
)
return try await internalSTSClient.assumeRoleWithCreds(
return try await IdentityProvidingSTSClient().assumeRoleWithCreds(
creds: underlyingCreds,
roleARN: roleARN,
roleSessionName: roleSessionName,
Expand Down
Loading
Loading