Merge branch 'main' of https://github.com/awslabs/aws-crt-swift into iot

awslabs · Dec 23, 2024 · 375492b · 375492b
2 parents 7bb6d1e + 697efa7
commit 375492b
Show file tree

Hide file tree

Showing 8 changed files with 383 additions and 268 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,25 +6,27 @@ on:
       - 'main'
 
 env:
-  BUILDER_VERSION: v0.9.52
+  BUILDER_VERSION: v0.9.73
   BUILDER_SOURCE: releases
   BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
   PACKAGE_NAME: aws-crt-swift
   RUN: ${{ github.run_id }}-${{ github.run_number }}
-  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-  AWS_REGION: us-east-1
+  CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }}
+  AWS_DEFAULT_REGION: us-east-1
+
+permissions:
+  id-token: write # This is required for requesting the JWT
 
 jobs:
   lint:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v4
       - name: GitHub Action for SwiftLint
         uses: norio-nomura/[email protected]
 
   linux:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
@@ -34,10 +36,15 @@ jobs:
           # issue to fix centos opened against apple here: https://github.com/apple/swift-docker/issues/258
           # - centos-x64
     steps:
-      - name: Build ${{ env.PACKAGE_NAME }}
-        run: |
-          aws s3 cp --debug s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
-          ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-swift-5-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
+    - uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ env.CRT_CI_ROLE }}
+        aws-region: ${{ env.AWS_DEFAULT_REGION }} 
+    - name: Build ${{ env.PACKAGE_NAME }}
+      run: |
+        aws s3 cp --debug s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
+        ./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-swift-5-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
+  
   macos:
     runs-on: ${{ matrix.runner }}
     env:
@@ -54,11 +61,15 @@ jobs:
           - macos-13-xlarge
           - macos-14-large #x64
     steps:
-      - name: Build ${{ env.PACKAGE_NAME }} + consumers
-        run: |
-          python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
-          chmod a+x builder
-          ./builder build -p ${{ env.PACKAGE_NAME }}
+    - uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ env.CRT_CI_ROLE }}
+        aws-region: ${{ env.AWS_DEFAULT_REGION }} 
+    - name: Build ${{ env.PACKAGE_NAME }} + consumers
+      run: |
+        python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
+        chmod a+x builder
+        ./builder build -p ${{ env.PACKAGE_NAME }}
 
   devices:
     runs-on: ${{ matrix.runner }}
@@ -111,21 +122,29 @@ jobs:
           - target: { os: watchos, destination: 'watchOS Simulator,OS=9.1,name=Apple Watch Series 5 (40mm)'}
             xcode: Xcode_15.2
     steps:
-      - name: Build ${{ env.PACKAGE_NAME }} + consumers
-        run: |
-          python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
-          chmod a+x builder
-          ./builder build -p ${{ env.PACKAGE_NAME }} --target=${{ matrix.target.os }}-armv8
+    - uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ env.CRT_CI_ROLE }}
+        aws-region: ${{ env.AWS_DEFAULT_REGION }} 
+    - name: Build ${{ env.PACKAGE_NAME }} + consumers
+      run: |
+        python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
+        chmod a+x builder
+        ./builder build -p ${{ env.PACKAGE_NAME }} --target=${{ matrix.target.os }}-armv8
 
   check-submodules:
-    runs-on: ubuntu-22.04 # latest
+    runs-on: ubuntu-24.04 # latest
     steps:
-      - name: Checkout Source
-        uses: actions/checkout@v4
-        with:
-          submodules: true
-          fetch-depth: 0
-      - name: Check Submodules
-        # note: using "@main" because "@${{env.BUILDER_VERSION}}" doesn't work
-        # https://github.com/actions/runner/issues/480
-        uses: awslabs/aws-crt-builder/.github/actions/check-submodules@main
+    - uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: ${{ env.CRT_CI_ROLE }}
+        aws-region: ${{ env.AWS_DEFAULT_REGION }} 
+    - name: Checkout Source
+      uses: actions/checkout@v4
+      with:
+        submodules: true
+        fetch-depth: 0
+    - name: Check Submodules
+      # note: using "@main" because "@${{env.BUILDER_VERSION}}" doesn't work
+      # https://github.com/actions/runner/issues/480
+      uses: awslabs/aws-crt-builder/.github/actions/check-submodules@main
diff --git a/Source/AwsCommonRuntimeKit/auth/credentials/Credentials.swift b/Source/AwsCommonRuntimeKit/auth/credentials/Credentials.swift
@@ -8,9 +8,13 @@ public final class Credentials {
 
     let rawValue: OpaquePointer
 
-    init(rawValue: OpaquePointer) {
+    // TODO: remove this property once aws-c-auth supports account_id
+    private let accountId: String?
+
+    init(rawValue: OpaquePointer, accountId: String? = nil) {
         self.rawValue = rawValue
         aws_credentials_acquire(rawValue)
+        self.accountId = accountId
     }
 
     /// Creates a new set of aws credentials
@@ -19,12 +23,14 @@ public final class Credentials {
     ///   - accessKey: value for the aws access key id field
     ///   - secret: value for the secret access key field
     ///   - sessionToken: (Optional) security token associated with the credentials
+    ///   - accountId: (Optional) the account ID for the resolved credentials, if known
     ///   - expiration: (Optional) Point in time after which credentials will no longer be valid.
     ///                 For credentials that do not expire, use nil.
     ///                 If expiration.timeIntervalSince1970 is greater than UInt64.max, it will be converted to nil.
     /// - Throws: CommonRuntimeError.crtError
     public init(accessKey: String,
                 secret: String,
+                accountId: String? = nil,
                 sessionToken: String? = nil,
                 expiration: Date? = nil) throws {
 
@@ -51,6 +57,7 @@ public final class Credentials {
             throw CommonRunTimeError.crtError(.makeFromLastError())
         }
         self.rawValue = rawValue
+        self.accountId = accountId
     }
 
     /// Gets the access key from the `aws_credentials` instance
@@ -69,6 +76,15 @@ public final class Credentials {
         return secret.toOptionalString()
     }
 
+    /// Gets the account ID from the `Credentials`, if any.
+    ///
+    /// Temporarily, `accountId` is backed by a Swift instance variable.
+    /// In the future, when the C implementation implements `account_id` the implementation will get account ID from the `aws_credentials` instance.
+    /// - Returns:`String?`: The AWS `accountId` or nil
+    public func getAccountId() -> String? {
+        accountId
+    }
+
     /// Gets the session token from the `aws_credentials` instance
     ///
     /// - Returns:`String?`: The AWS Session token or nil

diff --git a/Source/AwsCommonRuntimeKit/auth/credentials/CredentialsProvider.swift b/Source/AwsCommonRuntimeKit/auth/credentials/CredentialsProvider.swift
@@ -14,8 +14,12 @@ public class CredentialsProvider: CredentialsProviding {
 
     let rawValue: UnsafeMutablePointer<aws_credentials_provider>
 
-    init(credentialsProvider: UnsafeMutablePointer<aws_credentials_provider>) {
+    // TODO: remove this property once aws-c-auth supports account_id
+    private let accountId: String?
+
+    init(credentialsProvider: UnsafeMutablePointer<aws_credentials_provider>, accountId: String? = nil) {
         self.rawValue = credentialsProvider
+        self.accountId = accountId
     }
 
     /// Retrieves credentials from a provider by calling its implementation of get credentials and returns them to
@@ -25,7 +29,10 @@ public class CredentialsProvider: CredentialsProviding {
     /// - Throws: CommonRuntimeError.crtError
     public func getCredentials() async throws -> Credentials {
         return try await withCheckedThrowingContinuation { (continuation: CheckedContinuation<Credentials, Error>) in
-            let continuationCore = ContinuationCore(continuation: continuation)
+            let continuationCore = ContinuationCore(
+                continuation: continuation,
+                userData: ["accountId": accountId as Any]
+            )
             if aws_credentials_provider_get_credentials(rawValue,
                                                         onGetCredentials,
                                                         continuationCore.passRetained()) != AWS_OP_SUCCESS {
@@ -52,6 +59,14 @@ extension CredentialsProvider {
         self.init(credentialsProvider: unsafeProvider)
     }
 
+    // TODO: Remove the following initializer when aws-c-auth provides account_id in credentials
+    /// Creates a credentials provider that sources the credentials from the provided source and `accountId`
+    @_spi(AccountIDTempSupport)
+    public convenience init(source: Source, accountId: String?) throws {
+        let unsafeProvider = try source.makeProvider()
+        self.init(credentialsProvider: unsafeProvider, accountId: accountId)
+    }
+
     /// Create a credentials provider that depends on provider to fetch the credentials.
     /// It will retain the provider until shutdown callback is triggered for AwsCredentialsProvider
     /// - Parameters:
@@ -570,7 +585,8 @@ private func onGetCredentials(credentials: OpaquePointer?,
     }
 
     // Success
-    continuationCore.continuation.resume(returning: Credentials(rawValue: credentials!))
+    let accountId = continuationCore.userData?["accountId"] as? String
+    continuationCore.continuation.resume(returning: Credentials(rawValue: credentials!, accountId: accountId))
 }
 
 // We need to share this pointer to C in a task block but Swift compiler complains