aws · gosar · Oct 4, 2023 · Oct 3, 2023
diff --git a/.../java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java b/.../java/software/amazon/awssdk/services/polly/internal/presigner/DefaultPollyPresigner.java
@@ -48,12 +48,16 @@
 import software.amazon.awssdk.core.signer.Signer;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
+import software.amazon.awssdk.http.auth.aws.scheme.AwsV4AuthScheme;
+import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
 import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
 import software.amazon.awssdk.identity.spi.IdentityProvider;
+import software.amazon.awssdk.identity.spi.IdentityProviders;
 import software.amazon.awssdk.profiles.ProfileFile;
 import software.amazon.awssdk.profiles.ProfileFileSystemSetting;
 import software.amazon.awssdk.regions.Region;
 import software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain;
+import software.amazon.awssdk.services.polly.auth.scheme.PollyAuthSchemeProvider;
 import software.amazon.awssdk.services.polly.internal.presigner.model.transform.SynthesizeSpeechRequestMarshaller;
 import software.amazon.awssdk.services.polly.model.PollyRequest;
 import software.amazon.awssdk.services.polly.presigner.PollyPresigner;
@@ -63,9 +67,6 @@
 import software.amazon.awssdk.utils.IoUtils;
 import software.amazon.awssdk.utils.Validate;
 
-// TODO(sra-identity-auth): Move to SRA I&A. Note, until we expose ability configuration for the SRA interfaces, like
-//  AuthSchemeProvider (directly or via Plugins), there isn't any real customer benefit to moving to SRA, other than just getting
-//  off the old deprecated Signer interface.
 /**
  * Default implementation of {@link PollyPresigner}.
  */
@@ -185,7 +186,6 @@ private void initializePresignedRequest(PresignedRequest.Builder presignedReques
     private SdkHttpFullRequest presignRequest(PollyRequest requestToPresign,
                                               SdkHttpFullRequest marshalledRequest,
                                               ExecutionAttributes executionAttributes) {
-        // TODO(sra-identity-auth): Move to SRA HttpSigner
         Presigner presigner = resolvePresigner(requestToPresign);
         SdkHttpFullRequest presigned = presigner.presign(marshalledRequest, executionAttributes);
         List<String> signedHeadersQueryParam = presigned.firstMatchingRawQueryParameters("X-Amz-SignedHeaders");
@@ -208,25 +208,19 @@ private ExecutionAttributes createExecutionAttributes(PresignRequest presignRequ
                 .putAttribute(SdkInternalExecutionAttribute.IS_FULL_DUPLEX, false)
                 .putAttribute(SdkExecutionAttribute.CLIENT_TYPE, ClientType.SYNC)
                 .putAttribute(SdkExecutionAttribute.SERVICE_NAME, SERVICE_NAME)
-                .putAttribute(PRESIGNER_EXPIRATION, signatureExpiration);
-        // TODO(sra-identity-auth): Uncomment when switching to useSraAuth=true
-        /*
+                .putAttribute(PRESIGNER_EXPIRATION, signatureExpiration)
                 .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_RESOLVER, PollyAuthSchemeProvider.defaultProvider())
                 .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEMES, authSchemes())
                 .putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS,
                               IdentityProviders.builder()
                                                .putIdentityProvider(credentialsProvider())
                                                .build());
-         */
     }
 
-    // TODO(sra-identity-auth): Uncomment when switching to useSraAuth=true
-    /*
     private Map<String, AuthScheme<?>> authSchemes() {
         AwsV4AuthScheme awsV4AuthScheme = AwsV4AuthScheme.create();
         return Collections.singletonMap(awsV4AuthScheme.schemeId(), awsV4AuthScheme);
     }
-     */
 
     private IdentityProvider<? extends AwsCredentialsIdentity> resolveCredentialsProvider(PollyRequest request) {
         return request.overrideConfiguration().flatMap(AwsRequestOverrideConfiguration::credentialsIdentityProvider)

diff --git a/...src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java b/...src/main/java/software/amazon/awssdk/services/s3/internal/signing/DefaultS3Presigner.java
@@ -24,6 +24,7 @@
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
@@ -61,10 +62,16 @@
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 import software.amazon.awssdk.http.SdkHttpMethod;
 import software.amazon.awssdk.http.SdkHttpRequest;
+import software.amazon.awssdk.http.auth.aws.scheme.AwsV4AuthScheme;
+import software.amazon.awssdk.http.auth.aws.scheme.AwsV4aAuthScheme;
+import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
+import software.amazon.awssdk.identity.spi.IdentityProviders;
 import software.amazon.awssdk.metrics.NoOpMetricCollector;
 import software.amazon.awssdk.protocols.xml.AwsS3ProtocolFactory;
 import software.amazon.awssdk.regions.ServiceMetadataAdvancedOption;
 import software.amazon.awssdk.services.s3.S3Configuration;
+import software.amazon.awssdk.services.s3.auth.scheme.S3AuthSchemeProvider;
+import software.amazon.awssdk.services.s3.auth.scheme.internal.S3AuthSchemeInterceptor;
 import software.amazon.awssdk.services.s3.endpoints.S3ClientContextParams;
 import software.amazon.awssdk.services.s3.endpoints.S3EndpointProvider;
 import software.amazon.awssdk.services.s3.endpoints.internal.S3RequestSetEndpointInterceptor;
@@ -104,9 +111,6 @@
 import software.amazon.awssdk.utils.Logger;
 import software.amazon.awssdk.utils.Validate;
 
-// TODO(sra-identity-auth): Move to SRA I&A. Note, until we expose ability configuration for the SRA interfaces, like
-//  AuthSchemeProvider (directly or via Plugins), there isn't any real customer benefit to moving to SRA, other than just getting
-//  off the old deprecated Signer interface.
 /**
  * The default implementation of the {@link S3Presigner} interface.
  */
@@ -205,8 +209,7 @@ private List<ExecutionInterceptor> initializeInterceptors() {
         List<ExecutionInterceptor> s3Interceptors =
             interceptorFactory.getInterceptors("software/amazon/awssdk/services/s3/execution.interceptors");
         List<ExecutionInterceptor> additionalInterceptors = new ArrayList<>();
-        // TODO(sra-identity-auth): Uncomment when S3 swithces to useSraAuth=true
-        // additionalInterceptors.add(new S3AuthSchemeInterceptor());
+        additionalInterceptors.add(new S3AuthSchemeInterceptor());
         additionalInterceptors.add(new S3ResolveEndpointInterceptor());
         additionalInterceptors.add(new S3RequestSetEndpointInterceptor());
         s3Interceptors = mergeLists(s3Interceptors, additionalInterceptors);
@@ -367,16 +370,13 @@ private ExecutionContext invokeInterceptorsAndCreateExecutionContext(PresignRequ
             .putAttribute(AwsExecutionAttribute.DUALSTACK_ENDPOINT_ENABLED, serviceConfiguration.dualstackEnabled())
             .putAttribute(SdkInternalExecutionAttribute.ENDPOINT_PROVIDER, S3EndpointProvider.defaultProvider())
             .putAttribute(AwsExecutionAttribute.USE_GLOBAL_ENDPOINT, useGlobalEndpointResolver.resolve(region()))
-            .putAttribute(SdkInternalExecutionAttribute.CLIENT_CONTEXT_PARAMS, clientContextParams);
-        // TODO(sra-identity-auth): Uncomment when switching to useSraAuth=true
-        /*
+            .putAttribute(SdkInternalExecutionAttribute.CLIENT_CONTEXT_PARAMS, clientContextParams)
             .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEME_RESOLVER, S3AuthSchemeProvider.defaultProvider())
             .putAttribute(SdkInternalExecutionAttribute.AUTH_SCHEMES, authSchemes())
             .putAttribute(SdkInternalExecutionAttribute.IDENTITY_PROVIDERS,
                           IdentityProviders.builder()
                                            .putIdentityProvider(credentialsProvider())
                                            .build());
-         */
 
         ExecutionInterceptorChain executionInterceptorChain = new ExecutionInterceptorChain(clientInterceptors);
 
@@ -386,9 +386,6 @@ private ExecutionContext invokeInterceptorsAndCreateExecutionContext(PresignRequ
         interceptorContext = AwsExecutionContextBuilder.runInitialInterceptors(interceptorContext,
                                                                                executionAttributes,
                                                                                executionInterceptorChain);
-
-
-        // TODO(sra-identity-auth): To move to SRA, use HttpSigner and Identity from SelectedAuthScheme
         AwsCredentialsAuthorizationStrategy authorizationContext =
             AwsCredentialsAuthorizationStrategy.builder()
                                                .request(interceptorContext.request())
@@ -407,8 +404,6 @@ private ExecutionContext invokeInterceptorsAndCreateExecutionContext(PresignRequ
                                .build();
     }
 
-    // TODO(sra-identity-auth): Uncomment when S3 swithces to useSraAuth=true
-    /*
     private Map<String, AuthScheme<?>> authSchemes() {
         Map<String, AuthScheme<?>> schemes = new HashMap<>(2);
         AwsV4AuthScheme awsV4AuthScheme = AwsV4AuthScheme.create();
@@ -417,7 +412,6 @@ private Map<String, AuthScheme<?>> authSchemes() {
         schemes.put(awsV4aAuthScheme.schemeId(), awsV4aAuthScheme);
         return Collections.unmodifiableMap(schemes);
     }
-     */
 
     /**
      * Call the before-marshalling interceptor hooks.
@@ -518,7 +512,6 @@ private SdkHttpFullRequest getHttpFullRequest(ExecutionContext execCtx) {
     /**
      * Presign the provided HTTP request.
      */
-    // TODO(sra-identity-auth): Move to SRA HttpSigner
     private SdkHttpFullRequest presignRequest(ExecutionContext execCtx, SdkHttpFullRequest request) {
         Presigner presigner = Validate.isInstanceOf(Presigner.class, execCtx.signer(),
                                                     "Configured signer (%s) does not support presigning (must implement %s).",