Merge SRA Identity & Auth to master #4509

Merged
merged 210 commits into from
Oct 12, 2023

@gosar gosar commented Sep 29, 2023

Motivation and Context

Refactor Identity & Auth components in the SDKs to follow the Smithy Reference Architecture (SRA). This is a backwards compatible refactor that standardizes modular interfaces and improves the customizability for the SDKs.

Modifications

Lots of changes! Broadly,

  • New modules with new interfaces for Identity & Auth types: IdentityProvider, HttpSigner, AuthScheme, etc. And corresponding implementation modules.
  • Introduce new auth scheme resolution approach, which gives control on how to choose the auth scheme and configure the signing/identity resolution process.
  • Codegen changes to configure the clients to use the new auth/identity resolution logic.
  • Update core to support new auth resolution and execution using the new interfaces.
  • Update the client/request interfaces to allow customers to configure the client using these new interfaces, to support different customization use cases.
  • Introduce a service-level codegen flag to allow service-by-service migration to the new SRA approach.

Testing

Range of testing: unit, functional, integ, backwards compatibility, etc.

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
    (Relying on CI)
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

gosar and others added 30 commits February 16, 2023 16:28
* Add new Identity and Authentication modules

These modules are empty for now.

* Update Identity & Auth module dependencies

* Add temporary Placeholder class

So there is a jar created for the module.

* Temporarily not fail maven-dependency-plugin

Currently have set up dependencies in maven but there are no
actual code dependencies across these modules. Once new
code is added to the modules this will be undone.

* Removed some answered TODOs
* Add new Identity interfaces

* Move Impl classes to own files

* Add missing @immutable

* Address feedback - interface override and javadoc edits

* Mark the new interfaces @threadsafe

* Remove static create methods in AwsCredentialsIdentity and impls

* Add japicmp excludes for methods moved to parent interface

Was getting these errors otherwise:
```
[ERROR] Failed to execute goal com.github.siom79.japicmp:japicmp-maven-plugin:0.15.6:cmp (default) on project auth: There is at least one incompatibility: software.amazon.awssdk.auth.credentials.AwsCredentials.accessKeyId():METHOD_REMOVED,software.amazon.awssdk.auth.credentials.AwsCredentials.secretAccessKey():METHOD_REMOVED,software.amazon.awssdk.auth.token.credentials.SdkToken.expirationTime():METHOD_REMOVED,software.amazon.awssdk.auth.token.credentials.SdkToken.token():METHOD_REMOVED -> [Help 1]
```
* Simplify hashCode and equals for ResolveIdentityRequest

* Fix doc link about AWS access keys

To match with updates to `AwsCredentials` in PR 3773.
* Accept and use the new AWS Credentials interfaces

In AwsClientBuilder and other places where customers used to be able to provide
AwsCredentialsProvider.

* Update client codegen for endpoint discovery

* Address some of Matt's feedback

* Switch one usage of overrideConfiguration.credentialsProvider

To use the new credentialsIdentityProvider() instead.

* Update tests to mock new IdentityProvider

* Handle null for CredentialUtils conversion methods

* Add IdentityProvider overload to S3CrtAsyncClientBuilder

* Add a TODO for removing a join() later

* Add TODO for AwsCredentialsProviderChain

* Add unit tests and few other minor changes

* Remove unnecessary fallback from AuthorizationStrategyFactory

* Fix test in S3

* Address PR feedback
* Add create() for new AwsCredentials Identity types

* Add `@see AwsSessionCredentialsIdentity` to AwsCredentialsIdentity

Will make it easier to discover `AwsSessionCredentialsIdentity.create` if
looking at `AwsCredentialsIdentity` and wondering how to create a session
credentials.
* AWS Resource Explorer Update: Documentation updates for APIs.

* Amazon GuardDuty Update: Updated 9 APIs for feature enablement to reflect expansion of GuardDuty to features. Added new APIs and updated existing APIs to support RDS Protection GA.

* Amazon SageMaker Runtime Update: Documentation updates for SageMaker Runtime

* Updated endpoints.json and partitions.json.

* Release 2.20.26. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.27-SNAPSHOT

* AWSBillingConductor Update: This release adds a new filter to ListAccountAssociations API and a new filter to ListBillingGroups API.

* AWS Config Update: This release adds resourceType enums for types released from October 2022 through February 2023.

* AWS Database Migration Service Update: S3 setting to create AWS Glue Data Catalog. Oracle setting to control conversion of timestamp column. Support for Kafka SASL Plain authentication. Setting to map boolean from PostgreSQL to Redshift. SQL Server settings to force lob lookup on inline LOBs and to control access of database logs.

* Updated endpoints.json and partitions.json.

* Release 2.20.27. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.28-SNAPSHOT

* Expose S3CrtHttpConfiguration (#3824)

* Expose S3CrtHttpConfiguration to allow users to configure HTTP settings such as connectionTimeout and proxy with the AWS CRT-based S3 client.

* Fix checkstyle errors and spotbug issue

* Address feedback

* close clientTlsContextOptions

* Revert "close clientTlsContextOptions"

This reverts commit e08c468.

* Fix version

* Update version

* Application Auto Scaling Update: With this release customers can now tag their Application Auto Scaling registered targets with key-value pairs and manage IAM permissions for all the tagged resources centrally.

* Amazon S3 on Outposts Update: S3 On Outposts added support for endpoint status, and a failed endpoint reason, if any

* Amazon WorkDocs Update: This release adds a new API, SearchResources, which enable users to search through metadata and content of folders, documents, document versions and comments in a WorkDocs site.

* Amazon Neptune Update: This release makes following few changes. db-cluster-identifier is now a required parameter of create-db-instance. describe-db-cluster will now return PendingModifiedValues and GlobalClusterIdentifier fields in the response.

* Updated endpoints.json and partitions.json.

* Release 2.20.28. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.29-SNAPSHOT

* Skip missing region test (#3848)

This test asserts that we throw a specific error message when no region is
provided, that message won't be thrown by client since it does its own
validation.

* cleans spaces when constructing an expression name (#3844)

* Application Migration Service Update: This release introduces the Import and export feature and expansion of the post-launch actions

* Amazon Elastic Compute Cloud Update: This release adds support for AWS Network Firewall, AWS PrivateLink, and Gateway Load Balancers to Amazon VPC Reachability Analyzer, and it makes the path destination optional as long as a destination address in the filter at source is provided.

* AWS Clean Rooms Service Update: GA Release of AWS Clean Rooms, Added Tagging Functionality

* AWS IoT SiteWise Update: Provide support for tagging of data streams and enabling tag based authorization for property alias

* Amazon Chime SDK Messaging Update: Amazon Chime SDK messaging customers can now manage streaming configuration for messaging data for archival and analysis.

* Updated endpoints.json and partitions.json.

* Release 2.20.29. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.30-SNAPSHOT

* Update tm builder log messages (#3822)

* Update logging and add OTHER enum type to S3ClientType

* Add tests

* Refactoring

* Remove third party plugin

* AWS IoT TwinMaker Update: This release adds support of adding metadata when creating a new scene or updating an existing scene.

* AWS Resilience Hub Update: This release provides customers with the ability to import resources from within an EKS cluster and assess the resiliency of EKS cluster workloads.

* Amazon EventBridge Pipes Update: This release improves validation on the ARNs in the API model

* AWS Network Manager Update: This release includes an update to create-transit-gateway-route-table-attachment, showing example usage for TransitGatewayRouteTableArn.

* AWS Identity and Access Management Update: Documentation updates for AWS Identity and Access Management (IAM).

* Amazon Simple Systems Manager (SSM) Update: This Patch Manager release supports creating, updating, and deleting Patch Baselines for AmazonLinux2023, AlmaLinux.

* Updated endpoints.json and partitions.json.

* Release 2.20.30. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.31-SNAPSHOT

* Document API for DynamoDB using EnhancedDynamoDB implementation issue #36 (#3849)

* Adding new Interface EnhancedDocument (#3702)

* Adding new Interface EnhancedDocument

* Fix review comments from Anna-karin and David

* Addressed Zoe's comment

* DefaultEnhancedDocument implementation (#3718)

* DefaultEnhancedDocument implementation

* Updated Null check in the converter itself while iterating Arrays of AttributeValue

* handled review comments

* Update test cases for JsonAttributeCOnverter

* Removed ctor and added a builder

* Removed ctor for toBuilder

* Implement Static factory methods of EnhancedDocument (#3752)

* DocumentTableSchema Implementation (#3758)

* DocumentTableSchema Implementation

* Handle review comments -1

* Handle review comments 2

* The builder for EnhancedDocument should not rely on the order in which attribute converters are added to it (#3780)

* Handled surface api comments of removing Generic access as Objects (#3811)

* TableSchema API to create table and functional tests

* Surface API Review

* Surface API Review - compilation issues

* Surface API Review - Review comments

* Surface API Review comments from Matt

* Compilation issue and toStringMethod for JsonNode

* Updated after handling Matt's comments

* Functional Test added

* Update in test cases

* Removed functional tests, will create new PR for this

* Review comments handled

* Explicitly adding the dependency in the pom.xml

* Removed @code from @snippet line in javadoc

* Remove extra spaces in Json and make it same as Items as in V1 (#3835)

* Remove extra spaces in Json and make it same as Items as in V1

* Moved Json string helper functions to separate class

* Delete unwanted class

* Functional Test Cases for Document DDB API and Surface API Review 2 comments (#3843)

* Functional Test Cases for Document DDB API and Surface API Review 2 comments

* Removed extra newlines from test cases

* Handled Review comments

* Removed primitive boolean getter and replaced with Boolean getter

* Spotbug issue fixed and using StringUtils

* StringUtils corrected the right package

* SonarQube test bug fixed

* Handled PR comments, \n 1. Moved DocumentTableSchema from mapper to document package

* Removed @inherit wherever not required

* Amazon SageMaker Service Update: Amazon SageMaker Autopilot adds two new APIs - CreateAutoMLJobV2 and DescribeAutoMLJobV2. Amazon SageMaker Notebook Instances now supports the ml.geospatial.interactive instance type.

* AWS Batch Update: This feature allows Batch to support configuration of ephemeral storage size for jobs running on FARGATE

* Amazon Textract Update: The AnalyzeDocument - Tables feature adds support for new elements in the API: table titles, footers, section titles, summary cells/tables, and table type.

* AWS Cloud Map Update: Reverted the throttling exception RequestLimitExceeded for AWS Cloud Map APIs introduced in SDK version 1.12.424 2023-03-09 to previous exception specified in the ErrorCode.

* Amazon Chime SDK Messaging Update: ExpirationSettings provides automatic resource deletion for Channels.

* CodeArtifact Update: Repository CreationTime is added to the CreateRepository and ListRepositories API responses.

* Amazon Interactive Video Service RealTime Update: Initial release of the Amazon Interactive Video Service RealTime API.

* Amazon Chime SDK Identity Update: AppInstanceBots can be used to add a bot powered by Amazon Lex to chat channels. ExpirationSettings provides automatic resource deletion for AppInstanceUsers.

* Amazon Chime SDK Voice Update: This release adds Amazon Chime SDK call analytics. Call analytics include voice analytics, which provides speaker search and voice tone analysis. These capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to generate machine-learning-powered insights from real-time audio.

* Amazon Chime SDK Media Pipelines Update: This release adds Amazon Chime SDK call analytics. Call analytics include voice analytics, which provides speaker search and voice tone analysis. These capabilities can be used with Amazon Transcribe and Transcribe Call Analytics to generate machine-learning-powered insights from real-time audio.

* Amazon GuardDuty Update: Adds AutoEnableOrganizationMembers attribute to DescribeOrganizationConfiguration and UpdateOrganizationConfiguration APIs.

* AWS Elemental MediaConvert Update: AWS Elemental MediaConvert SDK now supports passthrough of ID3v2 tags for audio inputs to audio-only HLS outputs.

* Updated endpoints.json and partitions.json.

* Release 2.20.31. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.32-SNAPSHOT

* Change logs for release of Document API for DDB items (#3853)

* Close and release channel upon validation failure (#3855)

When content length validation fails when PublisherAdapter#onComplete is
invoked, behave as on PublisherAdapter#onError and also close and release the
channel; otherwise the channel would be left in the leased state forever.

* Add ServiceClientConfiguration to SdkClient (#3830)

* Add ServiceClientConfiguration to SdkClient

* Remove test

* Implement method in test clients

* Add tests

* Add tests

* Refactor test clients

* Refactoring

* Add AwsServiceClientConfiguration and refactor

* Fix build issues

* Refactoring

* Refactoring

* Refactoring

* Refactoring

* Refactoring

* Refactoring

* Add codegen test

* Fix build failure - change return type

* Remove unused import

* Refactoring

* Fix import

* Amazon Relational Database Service Update: Added error code CreateCustomDBEngineVersionFault for when the create custom engine version for Custom engines fails.

* Amazon Comprehend Update: This release adds a new field (FlywheelArn) to the EntitiesDetectionJobProperties object. The FlywheelArn field is returned in the DescribeEntitiesDetectionJob and ListEntitiesDetectionJobs responses when the EntitiesDetection job is started with a FlywheelArn instead of an EntityRecognizerArn.

* Amazon CloudWatch Update: Doc-only update to correct alarm actions list

* Updated endpoints.json and partitions.json.

* Release 2.20.32. Updated CHANGELOG.md, README.md and all pom.xml.

* Do not attempt to pad time string if current length is sufficient (#3676)

* Do not attempt to pad time string if current length is sufficient

* Remove 'final' modifier from local variables

---------

Co-authored-by: Anna-Karin Salander <salande@amazon.com>

* Update to next snapshot version: 2.20.33-SNAPSHOT

* Fixing build failure of PR-3767 (#3857)

* AWS Elemental MediaLive Update: AWS Elemental MediaLive now supports ID3 tag insertion for audio only HLS output groups. AWS Elemental Link devices now support tagging.

* Amazon Chime SDK Voice Update: Documentation updates for Amazon Chime SDK Voice.

* AWS SecurityHub Update: Added new resource detail objects to ASFF, including resources for AwsEksCluster, AWSS3Bucket, AwsEc2RouteTable and AwsEC2Instance.

* Amazon Connect Service Update: This release introduces support for RelatedContactId in the StartChatContact API. Interactive message and interactive message response have been added to the list of supported message content types for this API as well.

* Amazon Voice ID Update: Amazon Connect Voice ID now supports multiple fraudster watchlists. Every domain has a default watchlist where all existing fraudsters are placed by default. Custom watchlists may now be created, managed, and evaluated against for known fraudster detection.

* Amazon Connect Participant Service Update: This release provides an update to the SendMessage API to handle interactive message response content-types.

* Amazon SageMaker Service Update: Fixed some improperly rendered links in SDK documentation.

* AWS IoT Wireless Update: Introducing new APIs that enable Sidewalk devices to communicate with AWS IoT Core through Sidewalk gateways. This will empower AWS customers to connect Sidewalk devices with other AWS IoT Services, creating possibilities for seamless integration and advanced device management.

* Amazon Athena Update: Enforces a minimal level of encryption for the workgroup for query and calculation results that are written to Amazon S3. When enabled, workgroup users can set encryption only to the minimum level set by the administrator or higher when they submit queries.

* AWS Service Catalog App Registry Update: In this release, we started supporting ARN in applicationSpecifier and attributeGroupSpecifier. GetAttributeGroup, ListAttributeGroups and ListAttributeGroupsForApplication APIs will now have CreatedBy field in the response.

* Release 2.20.33. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.34-SNAPSHOT

* [Bug bash] Include sso and ssooidc dependencies in maven archetype (#3767)

Include sso and ssoidc dependencies in maven archetype

* Bytes in a toJson of EnhancedDocument should be represented in a decimal encoded format for their binary representation. (#3860)

* Bytes in a toJson of EnhancedDocument should be represented in a hexadecimal encoded format for their binary representation.

* Corrected the JsonItemAttributeConverterTest

* Fixed code smells

* Update changelog

* Fix serviceclientconfig build issues (#3864)

* Make serviceClientConfiguration() default and throw unsupported operation exception

* Update client interface method

* Temporarily disable Poet Client tests

* remove unused imports

* Fix build issue

* Update codegen files and re-enable tests

* remove unnecessary method implementation from test client

* AWS Systems Manager Incident Manager Update: Increased maximum length of "TriggerDetails.rawData" to 10K characters and "IncidentSummary" to 8K characters.

* AWS Systems Manager Incident Manager Contacts Update: This release adds 12 new APIs as part of Oncall Schedule feature release, adds support for a new contact type: ONCALL_SCHEDULE. Check public documentation for AWS ssm-contacts for more information

* AWS IoT Data Plane Update: Add endpoint ruleset support for cn-north-1.

* Updated endpoints.json and partitions.json.

* Release 2.20.34. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.35-SNAPSHOT

* OpenSearch Service Serverless Update: This release includes two new exception types "ServiceQuotaExceededException" and "OcuLimitExceededException".

* Amazon Relational Database Service Update: Add support for creating a read replica DB instance from a Multi-AZ DB cluster.

* Updated endpoints.json and partitions.json.

* Release 2.20.35. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.36-SNAPSHOT

* TM: downloadDirectory refactor how SDK sends concurrent download file requests (#3867)

* Refactor async buffering subscriber

* AWS Compute Optimizer Update: This release adds support for HDD EBS volume types and io2 Block Express. We are also adding support for 61 new instance types and instances that have non consecutive runtime.

* AWSKendraFrontendService Update: AWS Kendra now supports featured results for a query.

* Amazon SageMaker geospatial capabilities Update: Amazon SageMaker geospatial capabilities now supports server-side encryption with customer managed KMS key and SageMaker notebooks with a SageMaker geospatial image in an Amazon SageMaker Domain with VPC only mode.

* Amazon GuardDuty Update: Added EKS Runtime Monitoring feature support to existing detector, finding APIs and introducing new Coverage APIs

* AWS Well-Architected Tool Update: AWS Well-Architected SDK now supports getting consolidated report metrics and generating a consolidated report PDF.

* Auto Scaling Update: Amazon EC2 Auto Scaling now supports Elastic Load Balancing traffic sources with the AttachTrafficSources, DetachTrafficSources, and DescribeTrafficSources APIs. This release also introduces a new activity status, "WaitingForConnectionDraining", for VPC Lattice to the DescribeScalingActivities API.

* Amazon VPC Lattice Update: General Availability (GA) release of Amazon VPC Lattice

* AWS Network Firewall Update: AWS Network Firewall added TLS inspection configurations to allow TLS traffic inspection.

* Amazon Athena Update: Make DefaultExecutorDpuSize and CoordinatorDpuSize fields optional in StartSession

* Elastic Disaster Recovery Service Update: Adding a field to the replication configuration APIs to support the auto replicate new disks feature. We also deprecated RetryDataReplication.

* AWS Batch Update: This feature allows Batch on EKS to support configuration of Pod Labels through Metadata for Batch on EKS Jobs.

* AWS Glue Update: This release adds support for AWS Glue Data Quality, which helps you evaluate and monitor the quality of your data and includes the API for creating, deleting, or updating data quality rulesets, runs and evaluations.

* EC2 Image Builder Update: Adds support for new image workflow details and image vulnerability detection.

* Amazon Interactive Video Service Update: Amazon Interactive Video Service (IVS) now offers customers the ability to configure IVS channels to allow insecure RTMP ingest.

* Amazon Elastic Compute Cloud Update: This release adds support for Tunnel Endpoint Lifecycle control, a new feature that provides Site-to-Site VPN customers with better visibility and control of their VPN tunnel maintenance updates.

* Amazon EMR Update: Updated DescribeCluster and ListClusters API responses to include ErrorDetail that specifies error code, programmatically accessible error data, and an error message. ErrorDetail provides the underlying reason for cluster failure and recommends actions to simplify troubleshooting of EMR clusters.

* Updated endpoints.json and partitions.json.

* Release 2.20.36. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.37-SNAPSHOT

* Fixed the issue where AWS CRT-based S3 client was eagerly buffering data before the underlying CRT component was able to handle it. (#3800)

* fix wrong Source Control url in sonatype (#3872)

fix wrong Source Control url in sonatype

* Amazon Elastic Compute Cloud Update: Documentation updates for EC2 On Demand Capacity Reservations

* Amazon Simple Storage Service Update: Documentation updates for Amazon S3

* Amazon CloudWatch Internet Monitor Update: This release adds a new feature for Amazon CloudWatch Internet Monitor that enables customers to deliver internet measurements to Amazon S3 buckets as well as CloudWatch Logs.

* AWS Server Migration Service Update: Deprecating AWS Server Migration Service.

* AWS Resilience Hub Update: Adding EKS related documentation for appTemplateBody

* Amazon SageMaker Feature Store Runtime Update: In this release, you can now choose between soft delete and hard delete when calling the DeleteRecord API, so you have more flexibility when it comes to managing online store data.

* Updated endpoints.json and partitions.json.

* Release 2.20.37. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.38-SNAPSHOT

* Added option of using an explicit `ExecutorService` in `FileAsyncResponseTransformer` (#3875)

Co-authored-by: Zoe Wang <33073555+zoewangg@users.noreply.github.com>

* AmazonMWAA Update: This Amazon MWAA release adds the ability to customize the Apache Airflow environment by launching a shell script at startup. This shell script is hosted in your environment's Amazon S3 bucket. Amazon MWAA runs the script before installing requirements and initializing the Apache Airflow process.

* AWS License Manager Update: This release adds grant override options to the CreateGrantVersion API. These options can be used to specify grant replacement behavior during grant activation.

* AWS Glue Update: Add support for database-level federation

* AWS Service Catalog Update: This release introduces Service Catalog support for Terraform open source. It enables 1. The notify* APIs to Service Catalog. These APIs are used by the terraform engine to notify the result of the provisioning engine execution. 2. Adds a new TERRAFORM_OPEN_SOURCE product type in CreateProduct API.

* AWS WAFV2 Update: For web ACLs that protect CloudFront protections, the default request body inspection size is now 16 KB, and you can use the new association configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.

* AWS Lake Formation Update: Add support for database-level federation

* Updated endpoints.json and partitions.json.

* Release 2.20.38. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.39-SNAPSHOT

* AWS Data Exchange Update: This release updates the value of MaxResults.

* Amazon SageMaker Runtime Update: Amazon SageMaker Asynchronous Inference now provides customers a FailureLocation as a response parameter in InvokeEndpointAsync API to capture the model failure responses.

* Amazon SageMaker Service Update: Amazon SageMaker Asynchronous Inference now allows customers to receive failure model responses in S3 and receive success/failure model responses in SNS notifications.

* Amazon Elastic Compute Cloud Update: C6in, M6in, M6idn, R6in and R6idn bare metal instances are powered by 3rd Generation Intel Xeon Scalable processors and offer up to 200 Gbps of network bandwidth.

* Auto Scaling Update: Documentation updates for Amazon EC2 Auto Scaling

* AWS WAFV2 Update: This release rolls back association config feature for webACLs that protect CloudFront protections.

* Amazon Elastic Inference Update: Updated public documentation for the Describe and Tagging APIs.

* AWS Amplify UI Builder Update: Support StorageField and custom displays for data-bound options in form builder. Support non-string operands for predicates in collections. Support choosing client to get token from.

* Updated endpoints.json and partitions.json.

* Release 2.20.39. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.40-SNAPSHOT

* Fixing the documentation for UpdateItemEnhancedResponse to correctly describe which return values the attributes have (#3881)

* Amazon Interactive Video Service RealTime Update: Fix ParticipantToken ExpirationTime format

* AWS App Runner Update: App Runner adds support for seven new vCPU and memory configurations.

* AWS Service Catalog Update: removed incorrect product type value

* Amazon VPC Lattice Update: This release removes the entities in the API doc model package for auth policies.

* Amazon EC2 Container Service Update: This is a document only updated to add information about Amazon Elastic Inference (EI).

* AWS Network Firewall Update: AWS Network Firewall now supports IPv6-only subnets.

* AWS SSO Identity Store Update: Documentation updates for Identity Store CLI command reference.

* AWS Config Update: This release adds resourceType enums for types released in March 2023.

* Updated endpoints.json and partitions.json.

* Release 2.20.40. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.41-SNAPSHOT

* S3 URI Parser (#3874)

* S3 URI Parser

* S3 URI Parser

* S3 URI Parser

* S3 URI Parser

* Refactoring

* Refactoring

* Refactoring

* Refactoring

* Refactoring

* Refactoring

* Refactoring

* Refactoring

* AWS Proton Update: This release adds support for the AWS Proton service sync feature. Service sync enables managing an AWS Proton service (creating and updating instances) and all of its corresponding service instances from a Git repository.

* Amazon Relational Database Service Update: Adds and updates the SDK examples

* AWS IoT Greengrass V2 Update: Add support for SUCCEEDED value in coreDeviceExecutionStatus field. Documentation updates for Greengrass V2.

* AWS CloudFormation Update: Including UPDATE_COMPLETE as a failed status for DeleteStack waiter.

* Updated endpoints.json and partitions.json.

* Release 2.20.41. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.42-SNAPSHOT

* Support ClientContextParams for S3CrtAsyncClient (#3880)

Only support UseArnRegion and ForcePathStyle as they're the only ones we can
support with the CRT client.

* Include flattened mappers in converter resolution (#3877)

This ensures that flattened fields are correctly resolved for conversion.
This mostly impacts extensions such as the AutoGeneratedTimestampRecordExtension
which could not handle a flattened timestamp field.

#3150

Co-authored-by: Andy Kiesler <kiesler@amazon.com>

* Re-enable disabled S3 tests (#3876)

* docs: add akiesler as a contributor for code (#3890)

* docs: update README.md [skip ci]

* docs: update .all-contributorsrc [skip ci]

---------

Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>

* Amazon DocumentDB with MongoDB compatibility Update: This release adds a new parameter 'DBClusterParameterGroupName' to 'RestoreDBClusterFromSnapshot' API to associate the name of the DB cluster parameter group while performing restore.

* Redshift Data API Service Update: Update documentation of API descriptions as needed in support of temporary credentials with IAM identity.

* AWS Lambda Update: This release adds a new Lambda InvokeWithResponseStream API to support streaming Lambda function responses. The release also adds a new InvokeMode parameter to Function Url APIs to control whether the response will be streamed or buffered.

* Amazon Data Lifecycle Manager Update: Updated timestamp format for GetLifecyclePolicy API

* AWS Service Catalog Update: Updates description for property

* Amazon QuickSight Update: This release has two changes: adding the OR condition to tag-based RLS rules in CreateDataSet and UpdateDataSet; adding RefreshSchedule and Incremental RefreshProperties operations for users to programmatically configure SPICE dataset ingestions.

* Amazon FSx Update: Amazon FSx for Lustre now supports creating data repository associations on Persistent_1 and Scratch_2 file systems.

* Release 2.20.42. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.43-SNAPSHOT

* Expose numRetries to configure maxRetries on error in the S3CrtClient Interface (#3885)

* Expose StandardRetryOptions in the S3CrtClient Interface

* Added wrapper class for CRT retry config

* Added Null checks and test cases

* Handled PR comment on javadoc

* Handled NIT comments

* Use mock HTTP client instead of WireMock (#3893)

* Add waiter when deleting objects to fix occasional flakiness (#3891)

* Amazon Connect Service Update: This release adds the ability to configure an agent's routing profile to receive contacts from multiple channels at the same time via extending the UpdateRoutingProfileConcurrency, CreateRoutingProfile and DescribeRoutingProfile APIs.

* Amazon EC2 Container Service Update: This release adds support for enabling FIPS compliance on Amazon ECS Fargate tasks

* AWS Marketplace Catalog Service Update: Added three new APIs to support resource sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added new OwnershipType field to ListEntities request to let users filter on entities that are shared with them. Increased max page size of ListEntities response from 20 to 50 results.

* Amazon Rekognition Update: This release adds support for Face Liveness APIs in Amazon Rekognition. Updates UpdateStreamProcessor to return ResourceInUseException Exception. Minor updates to API documentation.

* Amazon Omics Update: Remove unexpected API changes.

* AWS Elemental MediaConvert Update: AWS Elemental MediaConvert SDK now supports conversion of 608 paint-on captions to pop-on captions for SCC sources.

* Updated endpoints.json and partitions.json.

* Release 2.20.43. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.44-SNAPSHOT

* Amazon EventBridge Update: EventBridge PutTarget support for multiple SQL arguments on RedshiftDataParameters

* EMR Serverless Update: This release extends GetJobRun API to return job run timeout (executionTimeoutMinutes) specified during StartJobRun call (or default timeout of 720 minutes if none was specified).

* Amazon Elastic Container Registry Public Update: This release will allow using registry alias as registryId in BatchDeleteImage request.

* AWS WAFV2 Update: For web ACLs that protect CloudFront protections, the default request body inspection size is now 16 KB, and you can use the new association configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.

* AWS IoT Update: This release allows AWS IoT Core users to specify a TLS security policy when creating and updating AWS IoT Domain Configurations.

* AWS IoT Data Plane Update: This release adds support for MQTT5 user properties when calling the AWS IoT GetRetainedMessage API

* Updated endpoints.json and partitions.json.

* Release 2.20.44. Updated CHANGELOG.md, README.md and all pom.xml.

* Expose endpointOverride through ServiceClientConfiguration (#3900)

* Expose endpointOverride through ServiceClientConfiguration

* Refactoring

* Add endpointOverride to equals and hashcode

* Fix build errors

* Refactoring

* AWS WAFV2 Update: For web ACLs that protect CloudFront protections, the default request body inspection size is now 16 KB, and you can use the new association configuration to increase the inspection size further, up to 64 KB. Sizes over 16 KB can incur additional costs.

* AWS IoT Update: Re-release to remove unexpected API changes

* Amazon Elastic Container Registry Public Update: This release will allow using registry alias as registryId in BatchDeleteImage request.

* Amazon EventBridge Update: EventBridge PutTarget support for multiple SQL arguments on RedshiftDataParameters

* EMR Serverless Update: This release extends GetJobRun API to return job run timeout (executionTimeoutMinutes) specified during StartJobRun call (or default timeout of 720 minutes if none was specified).

* AWS IoT Data Plane Update: This release adds support for MQTT5 user properties when calling the AWS IoT GetRetainedMessage API

* Updated endpoints.json and partitions.json.

* Release 2.20.44. Updated CHANGELOG.md, README.md and all pom.xml.

* Revert "AWS IoT Update: This release allows AWS IoT Core users to specify a TLS security policy when creating and updating AWS IoT Domain Configurations."

This reverts commit 9e6efde.

* Fix conflicts with changelogs

* Update to next snapshot version: 2.20.45-SNAPSHOT

* AWS Ground Station Update: AWS Ground Station Wideband DigIF GA Release

* Amazon Managed Blockchain Update: Removal of the Ropsten network. The Ethereum foundation ceased support of Ropsten on December 31st, 2022.

* Updated endpoints.json and partitions.json.

* Release 2.20.45. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.46-SNAPSHOT

* AWS MediaConnect Update: Gateway is a new feature of AWS Elemental MediaConnect. Gateway allows the deployment of on-premises resources for the purpose of transporting live video to and from the AWS Cloud.

* Amazon Chime SDK Voice Update: This release adds tagging support for Voice Connectors and SIP Media Applications

* Updated endpoints.json and partitions.json.

* Release 2.20.46. Updated CHANGELOG.md, README.md and all pom.xml.

* Update to next snapshot version: 2.20.47-SNAPSHOT

* Bump crt version to 0.21.12 (#3908)

* Update new modules in branch to 2.20.47-SNAPSHOT

* Fix import ordering

---------

Co-authored-by: AWS <>
Co-authored-by: aws-sdk-java-automation <43143862+aws-sdk-java-automation@users.noreply.github.com>
Co-authored-by: Zoe Wang <33073555+zoewangg@users.noreply.github.com>
Co-authored-by: Dongie Agnir <261310+dagnir@users.noreply.github.com>
Co-authored-by: Anna-Karin Salander <salande@amazon.com>
Co-authored-by: David Ho <70000000+davidh44@users.noreply.github.com>
Co-authored-by: John Viegas <70235430+joviegas@users.noreply.github.com>
Co-authored-by: belugabehr <12578579+belugabehr@users.noreply.github.com>
Co-authored-by: Olivier L Applin <olapplin@amazon.com>
Co-authored-by: Mike Pedersen <mikepedersen@humio.com>
Co-authored-by: Andy Kiesler <4186292+akiesler@users.noreply.github.com>
Co-authored-by: Andy Kiesler <kiesler@amazon.com>
Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com>
Co-authored-by: Dongie Agnir <dongie@amazon.com>
* Accept and use the new TokenIdentity interfaces

* Move TokenUtils to internal sub-package
This makes the build work without disabling the
maven-dependency-plugin and removes the Placeholder files.
* Made interfaces @SdkPublicApi
* Added test for equals and hashCode
* Add main auth scheme interfaces

* Change Consumer interface and address comments

* Move schemeId into Builder method instead of constructor
* refactors credential identity to create separate classes

* Minor changes to default identity classes
* Fix generics related warning in Signer interfaces

* Remove <T> for HttpAuthOption.Builder.schemeId

* Remove wildcards from sign methods

* Make Identity explicit in HttpSignRequest

* Make IdentityT type extend Identity in HttpSigner

* Add consumer builder pattern to HttpSigner methods

They have default implementation that rely on new
DefaultHttpSignRequest.BuilderImpl constructor that relies on the
generic IdentityT without knowing the Class of that type. This class
is @SdkInternalApi so this constructor is considered private.

Also, make HttpSignRequest.builder take Class<IdentityT> as parameter.

Also, make IdentityT type extends Identity in HttpSignRequest.

* Add test to show HttpSigner usage

* Note identityType parameter is ignored in HttpSignRequest.builder

* Use separate interfaces for sync and async sign requests

This fixes HttpSignerTest.signAsync_usingRequest_works test.

* Use abstract DefaultHttpSignRequest to avoid duplication

* Split sync/async interfaces for SignedHttpRequest

And removed `payloadType()` accessor.

Also, HttpSignRequest builders take Identity as parameter instead of Class<IdentityT>.

* Minor fixes

* Added missing Builder method override for identity
* Fixed javadocs
* Fixed toString

* Make protected properties Map an unmodifiableMap

* Remove overriding in HttpSignRequest.Builder sub-interfaces

* Remove overriding in SignedHttpRequest.Builder sub-interfaces

* Allow sign methods take request with subtype of the IdentityT

* Make HttpSignRequest @SdkProtectedApi

* Make HttpSignRequest @SdkPublicApi
* Add initial AuthSchemeProvider codegen

This includes:
* AuthSchemeParams interface and implementation.
* AuthSchemeProvider interface
* AuthSchemeProvider implementation is stubbed out for now.
* Plumbing to generate authscheme related code

* Refactor to remove some duplication

* Add AuthSchemeProvider marker interface

This is needed for setting authSchemeProvider client configuration option.

* Add/update generated javadoc

* Use ".auth.scheme" for java package

Also, removed/updated some TODOs.

* Fix java package in expected test output
* Generate authSchemeProvider setter in service client builder

* Configure client with default AuthSchemeProvider
* Add interface stubs for new signer implementations

* Fix HttpSign* interfaces with correct types

* Add initial default implementation of BearerHttpSigner

* Fix pom descriptions

* Update signer stubs with latest interface changes

* Fix JavaDoc styling

* Optimize performance when creating bearer authz header string
gosar and others added 9 commits October 6, 2023 10:10
With the short-circuit it is possible that the signedRequest.payload()
isn't set on the resulting SdkHttpFullRequest. In cases where the
payload doesn't actually change during HttpSigner.sign(), this is
ok. But the payload *can* change, e.g., for chunk-encoding, so need to
extract the resulting payload from signedRequest.payload().

This change was already made to SigningStage.
* Move public methods to top of DefaultAwsV4HttpSigner

And other minor refactoring.

* V4Context is not Immutable

* Remove content length from builder instead of signed request
* Rename V4Context

* Rename V4aContext

* Update v4a's RequestSigningResult to V4aRequestSigningResult
…ned-headers (#4560)

* Update presigner so host is set and content-hash is excluded

* Address comments

* Rebase on latest changes
@@ -25,10 +25,21 @@
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.reactivestreams.Subscriber;
Contributor Author

addressing in #4574

@@ -23,6 +23,7 @@
import java.util.List;
import java.util.Map;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
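Review bot: If `import org.junit.jupiter.api.Disabled;` at the end of this hunk is the added line (the header shows 6 lines before and 7 after), a test in this class is being switched off, and each `@Disabled` should carry a reason string naming its tracking item. Without that, coverage skipped during the auth refactor is easy to lose track of once the change is merged.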
Contributor Author

addressing in #4574

pom.xml Outdated
@@ -491,7 +492,6 @@
</execution>
</executions>
<configuration>
<failOnWarning>true</failOnWarning>
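Review bot: If `<failOnWarning>true</failOnWarning>` is the line this hunk drops (the header shows 7 lines before and 6 after), the plugin's warnings stop failing the build wherever this configuration applies, so new dependency or build problems can land unnoticed. Prefer keeping `failOnWarning` enabled and suppressing only the specific, known warnings in the modules that need it.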
Contributor Author

addressing this and the addition on lines 640 and 646 in #4574

* Add tests to override configuration with plugins

* Add a suppression to SpotBugs that is getting confused about the nullability
Contributor

Just noticed we never had public/protected/private annotations for these! I'll create a quick PR to fix.

Contributor Author

Being fixed in #4581

}
updateInterceptorContext(signedRequest, context.executionContext());
return signedRequest;
// TODO: This case does not apply to SigningStage as event stream operations are not supported by SyncClients that
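Review bot: The `// TODO` that follows `return signedRequest;` says the case does not apply to SigningStage, so it describes behaviour this class does not have and should be deleted here. If the remark is still needed, it belongs in the stage that handles event stream operations.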
Contributor

Any reason we left this in here?

Contributor Author

Removing in #4574

@@ -57,4 +58,10 @@ public void test_signerOverriddenForStreamingInput_takesPrecedence() {

verify(mockSigner).sign(any(SdkHttpFullRequest.class), any(ExecutionAttributes.class));
}

// TODO(sra-identity-and-auth): Add test for SRA way of overriding signer to assert that overridden signer is used.
// To do this, need ability to inject AuthScheme which uses mock HttpSigner. This is pending https://i.amazon.com/SMITHY-1450
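Review bot: The second TODO line links to `https://i.amazon.com/SMITHY-1450`, which readers of this repository may not be able to open; cite the item by identifier or a public issue instead. Until the test this TODO describes exists, nothing asserts that an overridden signer is actually used on the SRA path, so the gap should be tracked explicitly.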
Contributor

remove the URL

Contributor Author

Removing in #4574

@dagnir
Contributor

dagnir commented Oct 11, 2023

Are we tracking all of the TODOs introduced in this change?

@gosar
Contributor Author

gosar commented Oct 12, 2023

> Are we tracking all of the TODOs introduced in this change?

Not individually in all cases. Some have specific tracking items. But we have a line item in the release plan to review all TODOs again for the next phase of the release. After that we can create items for whatever is not addressed.

@gosar gosar marked this pull request as ready for review October 12, 2023 16:09
@gosar gosar requested a review from a team as a code owner October 12, 2023 16:09
* Cleanup unexpected changes from earlier merges

* Update TODO in AsyncSignerOverrideTest

* Remove async related dead code path from SigningStage

* Make http-auth-aws -> eventstream optional

* Override maven-dependency-plugin for http-auth-aws-crt/eventstream

* Add aws-crt as optional dependency from http-auth-aws

It is a used but undeclared dependency causing maven-dependency-plugin
to fail. Making it optional similar to http-auth-aws-crt.

* Fix maven-dependency-plugin failures for services

* SdkClientConfigurationUtil which is code generated in each service
  depends on ProfileFileSupplier from profiles module.

* All services will need http-auth for useSraAuth=true for dependency
  on NoAuthAuthScheme. But get unused declared dependency failure when
  useSraAuth=false. So temporarily ignoring it until we are fully on
  SRA Identity & Auth.

* Fix all maven-dependency-plugin failures

* Fix missing runtime dependencies for old-client-version-compatibility-test

* Ignore http-auth dependency from transcribestreaming

* crt-core doesn't seem to be needed in old-client-version-compatibility-test
…4571)

Change log entry for releasing updated core for SRA Identity & Auth
@gosar gosar changed the title [Draft] Merge SRA Identity & Auth to master Merge SRA Identity & Auth to master Oct 12, 2023
@aws-sdk-java-automation aws-sdk-java-automation merged commit 99c975d into master Oct 12, 2023
14 of 16 checks passed
@sonarcloud

sonarcloud bot commented Oct 12, 2023

SonarCloud Quality Gate failed.

8 Bugs (rating C)
0 Vulnerabilities (rating A)
0 Security Hotspots (rating A)
541 Code Smells (rating A)

84.9% Coverage
4.2% Duplication


sugmanue added a commit that referenced this pull request Oct 20, 2023
…-auth"

This reverts commit 99c975d, reversing
changes made to 157989a.
@millems millems deleted the feature/master/sra-identity-auth branch February 5, 2024 20:50
8 participants