aws · sugmanue · Feb 17, 2023 · Mar 4, 2023 · Mar 9, 2023 · Apr 3, 2023
@@ -32,6 +32,14 @@
         "utils": { "packageName": "AwsJavaSdk-Core-Utils" },
         "imds": { "packageName": "AwsJavaSdk-Imds" },
         "crt-core": { "packageName": "AwsJavaSdk-Core-CrtCore" },
+        "checksums-spi": { "packageName": "AwsJavaSdk-Core-ChecksumsSpi" },
+        "checksums": { "packageName": "AwsJavaSdk-Core-Checksums" },
+        "identity-spi": { "packageName": "AwsJavaSdk-Core-IdentitySpi" },
+        "http-auth-spi": { "packageName": "AwsJavaSdk-Core-HttpAuthSpi" },
+        "http-auth": { "packageName": "AwsJavaSdk-Core-HttpAuth" },
+        "http-auth-aws": { "packageName": "AwsJavaSdk-Core-HttpAuthAws" },
+        "http-auth-aws-crt": { "packageName": "AwsJavaSdk-Core-HttpAuthAwsCrt" },
+        "http-auth-aws-eventstream": { "packageName": "AwsJavaSdk-Core-HttpAuthAwsEventStream" },
 
         "dynamodb": { "packageName": "AwsJavaSdk-DynamoDb" },
         "waf": { "packageName": "AwsJavaSdk-Waf" },
@@ -74,6 +82,7 @@
         "http-clients": { "skipImport": true },
         "metric-publishers": { "skipImport": true },
         "module-path-tests": { "skipImport": true },
+        "old-client-version-compatibility-test": { "skipImport": true },
         "protocol-tests": { "skipImport": true },
         "protocol-tests-core": { "skipImport": true },
         "protocols": { "skipImport": true },

@@ -127,6 +127,46 @@
                 <artifactId>sdk-core</artifactId>
                 <version>${awsjavasdk.version}</version>
             </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>checksums-spi</artifactId>
+                <version>${awsjavasdk.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>checksums</artifactId>
+                <version>${awsjavasdk.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>http-auth-spi</artifactId>
+                <version>${awsjavasdk.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>http-auth</artifactId>
+                <version>${awsjavasdk.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>http-auth-aws</artifactId>
+                <version>${awsjavasdk.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>http-auth-aws-crt</artifactId>
+                <version>${awsjavasdk.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>http-auth-aws-eventstream</artifactId>
+                <version>${awsjavasdk.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>identity-spi</artifactId>
+                <version>${awsjavasdk.version}</version>
+            </dependency>
             <dependency>
                 <groupId>software.amazon.awssdk</groupId>
                 <artifactId>http-client-spi</artifactId>

@@ -43,11 +43,12 @@
             ]]>
         </Details>
     </BugPattern>
+    <BugCode abbrev="BM">Bad method call</BugCode>
+
     <BugPattern type="BAD_TO_BUILDER">
         <ShortDescription>Bad toBuilder implementation</ShortDescription>
         <LongDescription>Bad toBuilder implementation. See the SpotBugs logs for problem details.</LongDescription>
         <Details>Bad toBuilder implementation. See the SpotBugs logs for problem details.</Details>
     </BugPattern>
-
     <BugCode abbrev="BTB">Bad toBuilder implementation</BugCode>
-</MessageCollection>
+</MessageCollection>
@@ -135,6 +135,12 @@
         <Bug pattern="EI_EXPOSE_REP" />
     </Match>
 
+    <Match>
+        <Class name="software.amazon.awssdk.http.auth.aws.crt.internal.signer.V4aContext" />
+        <Method name="getSignature" />
+        <Bug pattern="EI_EXPOSE_REP" />
+    </Match>
+
     <Match>
         <Class name="software.amazon.awssdk.protocols.json.internal.unmarshall.JsonProtocolUnmarshaller" />
         <Method name="unmarshallStructured" />
@@ -266,4 +272,13 @@
         <Method name="fromFile"/>
         <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE"/>
     </Match>
+
+    <!-- Intentional for backwards-compatibility -->
+    <Match>
+        <Or>
+            <Class name="software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute"/>
+            <Class name="software.amazon.awssdk.auth.signer.S3SignerExecutionAttribute"/>
+        </Or>
+        <Bug pattern="NP_BOOLEAN_RETURN_NULL"/>
+    </Match>
 </FindBugsFilter>
@@ -18,7 +18,7 @@ phases:
     commands:
     - python ./scripts/doc_crosslinks/generate_cross_link_data.py --apiDefinitionsBasePath ./services/ --apiDefinitionsRelativeFilePath src/main/resources/codegen-resources/service-2.json  --templateFilePath ./scripts/doc_crosslinks/crosslink_redirect.html --outputFilePath ./scripts/crosslink_redirect.html
     - mvn install -P quick -T1C
-    - mvn clean install javadoc:aggregate -B -Ppublic-javadoc -Dcheckstyle.skip -Dspotbugs.skip -DskipTests -Ddoclint=none -pl '!:protocol-tests,!:protocol-tests-core,!:codegen-generated-classes-test,!:sdk-benchmarks,!:s3-benchmarks,!:module-path-tests,!:test-utils,!:http-client-tests,!:tests-coverage-reporting,!:sdk-native-image-test,!:ruleset-testing-core'
+    - mvn clean install javadoc:aggregate -B -Ppublic-javadoc -Dcheckstyle.skip -Dspotbugs.skip -DskipTests -Ddoclint=none -pl '!:protocol-tests,!:protocol-tests-core,!:codegen-generated-classes-test,!:sdk-benchmarks,!:s3-benchmarks,!:module-path-tests,!:test-utils,!:http-client-tests,!:tests-coverage-reporting,!:sdk-native-image-test,!:ruleset-testing-core!:old-client-version-compatibility-testing'
     - RELEASE_VERSION=`mvn -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec`
     -
     - aws s3 sync target/site/apidocs/ $DOC_PATH/$RELEASE_VERSION/

@@ -40,7 +40,7 @@ phases:
             awk 'BEGIN { var=ENVIRON["SDK_SIGNING_GPG_KEYNAME"] } { gsub("\\$SDK_SIGNING_GPG_KEYNAME", var, $0); print }' > \
             $SETTINGS_XML
 
-          mvn clean deploy -B -s $SETTINGS_XML -Ppublishing -DperformRelease -Dspotbugs.skip -DskipTests -Dcheckstyle.skip -Djapicmp.skip -Ddoclint=none -pl !:protocol-tests,!:protocol-tests-core,!:codegen-generated-classes-test,!:sdk-benchmarks,!:module-path-tests,!:tests-coverage-reporting,!:stability-tests,!:sdk-native-image-test,!:auth-tests,!:s3-benchmarks,!:region-testing -DautoReleaseAfterClose=true -DstagingProgressTimeoutMinutes=30
+          mvn clean deploy -B -s $SETTINGS_XML -Ppublishing -DperformRelease -Dspotbugs.skip -DskipTests -Dcheckstyle.skip -Djapicmp.skip -Ddoclint=none -pl !:protocol-tests,!:protocol-tests-core,!:codegen-generated-classes-test,!:sdk-benchmarks,!:module-path-tests,!:tests-coverage-reporting,!:stability-tests,!:sdk-native-image-test,!:auth-tests,!:s3-benchmarks,!:region-testing!:old-client-version-compatibility-testing -DautoReleaseAfterClose=true -DstagingProgressTimeoutMinutes=30
         else
           echo "This version was already released."
         fi
@@ -77,6 +77,26 @@
             <artifactId>auth</artifactId>
             <version>${awsjavasdk.version}</version>
         </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>identity-spi</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>http-auth</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>http-auth-spi</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>http-auth-aws</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>arns</artifactId>

@@ -15,6 +15,9 @@
 
 package software.amazon.awssdk.codegen;
 
+import java.util.Collections;
+import java.util.Optional;
+import java.util.stream.Collectors;
 import software.amazon.awssdk.codegen.internal.Constant;
 import software.amazon.awssdk.codegen.model.config.customization.CustomizationConfig;
 import software.amazon.awssdk.codegen.model.intermediate.Metadata;
@@ -59,6 +62,7 @@ public static Metadata constructMetadata(ServiceModel serviceModel,
                 .withPaginatorsPackageName(namingStrategy.getPaginatorsPackageName(serviceName))
                 .withWaitersPackageName(namingStrategy.getWaitersPackageName(serviceName))
                 .withEndpointRulesPackageName(namingStrategy.getEndpointRulesPackageName(serviceName))
+                .withAuthSchemePackageName(namingStrategy.getAuthSchemePackageName(serviceName))
                 .withServiceAbbreviation(serviceMetadata.getServiceAbbreviation())
                 .withServiceFullName(serviceMetadata.getServiceFullName())
                 .withServiceName(serviceName)
@@ -78,7 +82,12 @@ public static Metadata constructMetadata(ServiceModel serviceModel,
                 .withServiceId(serviceMetadata.getServiceId())
                 .withSupportsH2(supportsH2(serviceMetadata))
                 .withJsonVersion(getJsonVersion(metadata, serviceMetadata))
-                .withAwsQueryCompatible(serviceMetadata.getAwsQueryCompatible());
+                .withAwsQueryCompatible(serviceMetadata.getAwsQueryCompatible())
+                .withAuth(Optional.ofNullable(serviceMetadata.getAuth())
+                                  .orElseGet(() -> Collections.singletonList(serviceMetadata.getSignatureVersion()))
+                                  .stream()
+                                  .map(AuthType::fromValue)
+                                  .collect(Collectors.toList()));
 
         return metadata;
     }

@@ -17,9 +17,11 @@
 
 import static software.amazon.awssdk.codegen.internal.Utils.unCapitalize;
 
+import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.TreeMap;
+import java.util.stream.Collectors;
 import software.amazon.awssdk.codegen.model.intermediate.ExceptionModel;
 import software.amazon.awssdk.codegen.model.intermediate.OperationModel;
 import software.amazon.awssdk.codegen.model.intermediate.ReturnTypeModel;
@@ -70,6 +72,9 @@ private static boolean isBlobShape(Shape shape) {
     }
 
     /**
+     * If there is a member in the output shape that is explicitly marked as the payload (with the payload trait) this method
+     * returns the target shape of that member. Otherwise this method returns null.
+     *
      * @return True if shape is a String type. False otherwise
      */
     private static boolean isStringShape(Shape shape) {
@@ -81,10 +86,8 @@ private static boolean isStringShape(Shape shape) {
      * payload trait) this method returns the target shape of that member. Otherwise this method
      * returns null.
      *
-     * @param c2jShapes
-     *            All C2J shapes
-     * @param outputShape
-     *            Output shape of operation that may contain a member designated as the payload
+     * @param c2jShapes   All C2J shapes
+     * @param outputShape Output shape of operation that may contain a member designated as the payload
      */
     public static Shape getPayloadShape(Map<String, Shape> c2jShapes, Shape outputShape) {
         if (outputShape.getPayload() == null) {
@@ -174,6 +177,7 @@ public Map<String, OperationModel> constructOperations() {
             operationModel.setHttpChecksum(op.getHttpChecksum());
             operationModel.setRequestCompression(op.getRequestCompression());
             operationModel.setStaticContextParams(op.getStaticContextParams());
+            operationModel.setAuth(getAuthFromOperation(op));
 
             Input input = op.getInput();
             if (input != null) {
@@ -183,7 +187,7 @@ public Map<String, OperationModel> constructOperations() {
                                        c2jShapes.get(originalShapeName).getDocumentation();
 
                 operationModel.setInput(new VariableModel(unCapitalize(inputShape), inputShape)
-                                                .withDocumentation(documentation));
+                                            .withDocumentation(documentation));
 
             }
 
@@ -195,7 +199,7 @@ public Map<String, OperationModel> constructOperations() {
                 String documentation = getOperationDocumentation(output, outputShape);
 
                 operationModel.setReturnType(
-                        new ReturnTypeModel(responseClassName).withDocumentation(documentation));
+                    new ReturnTypeModel(responseClassName).withDocumentation(documentation));
                 if (isBlobShape(getPayloadShape(c2jShapes, outputShape))) {
                     operationModel.setHasBlobMemberAsPayload(true);
                 }
@@ -208,8 +212,8 @@ public Map<String, OperationModel> constructOperations() {
                 for (ErrorMap error : op.getErrors()) {
 
                     String documentation =
-                            error.getDocumentation() != null ? error.getDocumentation() :
-                            c2jShapes.get(error.getShape()).getDocumentation();
+                        error.getDocumentation() != null ? error.getDocumentation() :
+                        c2jShapes.get(error.getShape()).getDocumentation();
 
                     Integer httpStatusCode = getHttpStatusCode(error, c2jShapes.get(error.getShape()));
 
@@ -228,6 +232,22 @@ public Map<String, OperationModel> constructOperations() {
         return javaOperationModels;
     }
 
+    /**
+     * Returns the list of authTypes defined for an operation. If the new auth member is defined we use it, otherwise we retrofit
+     * the list with the value of the authType member if present or return an empty list if not.
+     */
+    private List<AuthType> getAuthFromOperation(Operation op) {
+        List<String> opAuth = op.getAuth();
+        if (opAuth != null) {
+            return opAuth.stream().map(AuthType::fromValue).collect(Collectors.toList());
+        }
+        AuthType legacyAuthType = op.getAuthtype();
+        if (legacyAuthType != null) {
+            return Collections.singletonList(legacyAuthType);
+        }
+        return Collections.emptyList();
+    }
+
     /**
      * Get HTTP status code either from error trait on the operation reference or the error trait on the shape.
      *

@@ -95,4 +95,13 @@ public String getEndpointRulesInternalResourcesDirectory() {
     public String getEndpointRulesTestDirectory() {
         return testDirectory + "/" + Utils.packageToDirectory(model.getMetadata().getFullEndpointRulesPackageName());
     }
+
+    public String getAuthSchemeDirectory() {
+        return sourceDirectory + "/" + Utils.packageToDirectory(model.getMetadata().getFullAuthSchemePackageName());
+    }
+
+    public String getAuthSchemeInternalDirectory() {
+        return sourceDirectory + "/" + Utils.packageToDirectory(model.getMetadata().getFullInternalAuthSchemePackageName());
+    }
+
 }
@@ -0,0 +1,86 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.codegen.emitters.tasks;
+
+import java.util.ArrayList;
+import java.util.List;
+import software.amazon.awssdk.codegen.emitters.GeneratorTask;
+import software.amazon.awssdk.codegen.emitters.GeneratorTaskParams;
+import software.amazon.awssdk.codegen.emitters.PoetGeneratorTask;
+import software.amazon.awssdk.codegen.poet.auth.scheme.AuthSchemeInterceptorSpec;
+import software.amazon.awssdk.codegen.poet.auth.scheme.AuthSchemeParamsSpec;
+import software.amazon.awssdk.codegen.poet.auth.scheme.AuthSchemeProviderSpec;
+import software.amazon.awssdk.codegen.poet.auth.scheme.AuthSchemeSpecUtils;
+import software.amazon.awssdk.codegen.poet.auth.scheme.DefaultAuthSchemeParamsSpec;
+import software.amazon.awssdk.codegen.poet.auth.scheme.EndpointBasedAuthSchemeProviderSpec;
+import software.amazon.awssdk.codegen.poet.auth.scheme.ModelBasedAuthSchemeProviderSpec;
+
+public final class AuthSchemeGeneratorTasks extends BaseGeneratorTasks {
+    private final GeneratorTaskParams generatorTaskParams;
+
+    public AuthSchemeGeneratorTasks(GeneratorTaskParams dependencies) {
+        super(dependencies);
+        this.generatorTaskParams = dependencies;
+    }
+
+    @Override
+    protected List<GeneratorTask> createTasks() {
+        AuthSchemeSpecUtils authSchemeSpecUtils = new AuthSchemeSpecUtils(model);
+        List<GeneratorTask> tasks = new ArrayList<>();
+        tasks.add(generateParamsInterface());
+        tasks.add(generateProviderInterface());
+        tasks.add(generateDefaultParamsImpl());
+        tasks.add(generateModelBasedProvider());
+        tasks.add(generateAuthSchemeInterceptor());
+        if (authSchemeSpecUtils.useEndpointBasedAuthProvider()) {
+            tasks.add(generateEndpointBasedProvider());
+        }
+        return tasks;
+    }
+
+    private GeneratorTask generateParamsInterface() {
+        return new PoetGeneratorTask(authSchemeDir(), model.getFileHeader(), new AuthSchemeParamsSpec(model));
+    }
+
+    private GeneratorTask generateDefaultParamsImpl() {
+        return new PoetGeneratorTask(authSchemeInternalDir(), model.getFileHeader(), new DefaultAuthSchemeParamsSpec(model));
+    }
+
+    private GeneratorTask generateProviderInterface() {
+        return new PoetGeneratorTask(authSchemeDir(), model.getFileHeader(), new AuthSchemeProviderSpec(model));
+    }
+
+    private GeneratorTask generateModelBasedProvider() {
+        return new PoetGeneratorTask(authSchemeInternalDir(), model.getFileHeader(), new ModelBasedAuthSchemeProviderSpec(model));
+    }
+
+    private GeneratorTask generateEndpointBasedProvider() {
+        return new PoetGeneratorTask(authSchemeInternalDir(), model.getFileHeader(),
+                                     new EndpointBasedAuthSchemeProviderSpec(model));
+    }
+
+    private GeneratorTask generateAuthSchemeInterceptor() {
+        return new PoetGeneratorTask(authSchemeInternalDir(), model.getFileHeader(), new AuthSchemeInterceptorSpec(model));
+    }
+
+    private String authSchemeDir() {
+        return generatorTaskParams.getPathProvider().getAuthSchemeDirectory();
+    }
+
+    private String authSchemeInternalDir() {
+        return generatorTaskParams.getPathProvider().getAuthSchemeInternalDirectory();
+    }
+}
@@ -27,6 +27,7 @@ public AwsGeneratorTasks(GeneratorTaskParams params) {
               new PaginatorsGeneratorTasks(params),
               new EventStreamGeneratorTasks(params),
               new WaitersGeneratorTasks(params),
-              new EndpointProviderTasks(params));
+              new EndpointProviderTasks(params),
+              new AuthSchemeGeneratorTasks(params));
     }
 }