Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(codegen): use AWS SDK default credentials as sigv4 default credentials #6431

Merged
merged 1 commit into from
Sep 6, 2024
Merged

fix(codegen): use AWS SDK default credentials as sigv4 default credentials #6431

merged 1 commit into from
Sep 6, 2024

Conversation

kuhe
Copy link
Contributor

@kuhe kuhe commented Sep 3, 2024
edited
Loading

Issue

internal

Description

For the scenario of a non-AWS service with the sigv4 trait, this PR modifies the ID&Auth SRA codegen behavior to provide the AWS SDK default credential chain as the default credentials object, for consistency with the legacyAuth behavior.

This was not present in the SRA implementation, presumably because of the desired separation between AWS and white label clients.

This only applies to codegen that uses both smithy-typescript and smithy-typescript-aws. If you only use smithy-typescript, it isn't currently aware of sigv4 at all. Sigv4 handling may need to be moved into smithy-typescript, but is out of scope of this PR.

Testing

new integ test

@kuhe kuhe requested a review from a team as a code owner September 3, 2024 14:53
gosar
gosar reviewed Sep 5, 2024
View reviewed changes
...are/amazon/smithy/aws/typescript/codegen/auth/http/integration/AwsSdkCustomizeSigV4Auth.java
} else {
// isSigV4Service and !isAwsService are implied here.
return MapUtils.of(
"credentials", writer -> {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not up to speed, but what's the difference between configuring credentials here v/s credentialDefaultProvider? It seems more consistent to configure credentialDefaultProvider here. And that's what it was before.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

credentialDefaultProvider was deprecated by ID&Auth SRA. It is a field that is only generated when the AwsSdkCustomizeSigV4Auth plugin is activated by the isAwsService and isSigV4Service conditionals in conjunction, and relies on data from the (AWS) service trait.

That plugin contains the config resolver that processes the credentialDefaultProvider field along with a few other AWS customizations. Rather than bringing all of that in, I'm using a default value for the credentials field, which is functionally very similar.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

credentialDefaultProvider seems to be a quirk from legacy dev. Even in legacyAuth, it was simply assigned onto the credentials field if the credentials field was empty during config resolution.

@kuhe kuhe merged commit 39532e4 into aws:main Sep 6, 2024
5 checks passed
@kuhe kuhe deleted the fix/auth branch September 6, 2024 19:34
@github-actions GitHub Actions
Copy link

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@trivikr trivikr trivikr approved these changes

@gosar gosar gosar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kuhe @gosar @trivikr