removed old httpProtocol/httpTransport code, removed authInfo as it's replaced by interceptors, and added basic & sigv4 auth ref

Author: xiazcy

gremlin-go/driver/auth.go

@@ -0,0 +1,85 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+package gremlingo
+
+import (
+	"context"
+	"encoding/base64"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	v4 "github.com/aws/aws-sdk-go-v2/aws/signer/v4"
+	"github.com/aws/aws-sdk-go-v2/config"
+)
+
+// BasicAuth returns a RequestInterceptor that adds Basic authentication header.
+func BasicAuth(username, password string) RequestInterceptor {
+	encoded := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
+	return func(req *HttpRequest) error {
+		req.Headers.Set(HeaderAuthorization, "Basic "+encoded)
+		return nil
+	}
+}
+
+// Sigv4Auth returns a RequestInterceptor that signs requests using AWS SigV4.
+// It uses the default AWS credential chain (env vars, shared config, IAM role, etc.)
+func Sigv4Auth(region, service string) RequestInterceptor {
+	return Sigv4AuthWithCredentials(region, service, nil)
+}
+
+// Sigv4AuthWithCredentials returns a RequestInterceptor that signs requests using AWS SigV4
+// with the provided credentials provider. If provider is nil, uses default credential chain.
+func Sigv4AuthWithCredentials(region, service string, credentialsProvider aws.CredentialsProvider) RequestInterceptor {
+	return func(req *HttpRequest) error {
+		ctx := context.Background()
+
+		creds, err := resolveCredentials(ctx, region, credentialsProvider)
+		if err != nil {
+			return err
+		}
+
+		signer := v4.NewSigner()
+		stdReq := req.ToStdRequest()
+		stdReq.Body = nil // Body is handled separately via payload hash
+
+		if err := signer.SignHTTP(ctx, creds, stdReq, req.PayloadHash(), service, region, time.Now()); err != nil {
+			return err
+		}
+
+		// Copy signed headers back to HttpRequest
+		for k, v := range stdReq.Header {
+			req.Headers[k] = v
+		}
+
+		return nil
+	}
+}
+
+func resolveCredentials(ctx context.Context, region string, provider aws.CredentialsProvider) (aws.Credentials, error) {
+	if provider != nil {
+		return provider.Retrieve(ctx)
+	}
+
+	cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion(region))
+	if err != nil {
+		return aws.Credentials{}, err
+	}
+	return cfg.Credentials.Retrieve(ctx)
+}

gremlin-go/driver/authInfo.go

@@ -0,0 +1,114 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+*/
+
+package gremlingo
+
+import (
+	"context"
+	"encoding/base64"
+	"strings"
+	"testing"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/stretchr/testify/assert"
+)
+
+func createMockRequest() *HttpRequest {
+	req, _ := NewHttpRequest("POST", "https://localhost:8182/gremlin")
+	req.Headers.Set("Content-Type", graphBinaryMimeType)
+	req.Headers.Set("Accept", graphBinaryMimeType)
+	req.Body = []byte(`{"gremlin":"g.V()"}`)
+	return req
+}
+
+func TestBasicAuth(t *testing.T) {
+	t.Run("adds authorization header", func(t *testing.T) {
+		req := createMockRequest()
+		assert.Empty(t, req.Headers.Get(HeaderAuthorization))
+
+		interceptor := BasicAuth("username", "password")
+		err := interceptor(req)
+
+		assert.NoError(t, err)
+		authHeader := req.Headers.Get(HeaderAuthorization)
+		assert.True(t, strings.HasPrefix(authHeader, "Basic "))
+
+		// Verify encoding
+		encoded := strings.TrimPrefix(authHeader, "Basic ")
+		decoded, err := base64.StdEncoding.DecodeString(encoded)
+		assert.NoError(t, err)
+		assert.Equal(t, "username:password", string(decoded))
+	})
+}
+
+// mockCredentialsProvider implements aws.CredentialsProvider for testing
+type mockCredentialsProvider struct {
+	accessKey    string
+	secretKey    string
+	sessionToken string
+}
+
+func (m *mockCredentialsProvider) Retrieve(ctx context.Context) (aws.Credentials, error) {
+	return aws.Credentials{
+		AccessKeyID:     m.accessKey,
+		SecretAccessKey: m.secretKey,
+		SessionToken:    m.sessionToken,
+	}, nil
+}
+
+func TestSigv4Auth(t *testing.T) {
+	t.Run("adds signed headers", func(t *testing.T) {
+		req := createMockRequest()
+		assert.Empty(t, req.Headers.Get("Authorization"))
+		assert.Empty(t, req.Headers.Get("X-Amz-Date"))
+
+		provider := &mockCredentialsProvider{
+			accessKey: "MOCK_ACCESS_KEY",
+			secretKey: "MOCK_SECRET_KEY",
+		}
+		interceptor := Sigv4AuthWithCredentials("us-west-2", "neptune-db", provider)
+		err := interceptor(req)
+
+		assert.NoError(t, err)
+		assert.NotEmpty(t, req.Headers.Get("X-Amz-Date"))
+		authHeader := req.Headers.Get("Authorization")
+		assert.True(t, strings.HasPrefix(authHeader, "AWS4-HMAC-SHA256 Credential=MOCK_ACCESS_KEY"))
+		assert.Contains(t, authHeader, "us-west-2/neptune-db/aws4_request")
+		assert.Contains(t, authHeader, "Signature=")
+	})
+
+	t.Run("adds session token when provided", func(t *testing.T) {
+		req := createMockRequest()
+		assert.Empty(t, req.Headers.Get("X-Amz-Security-Token"))
+
+		provider := &mockCredentialsProvider{
+			accessKey:    "MOCK_ACCESS_KEY",
+			secretKey:    "MOCK_SECRET_KEY",
+			sessionToken: "MOCK_SESSION_TOKEN",
+		}
+		interceptor := Sigv4AuthWithCredentials("us-west-2", "neptune-db", provider)
+		err := interceptor(req)
+
+		assert.NoError(t, err)
+		assert.Equal(t, "MOCK_SESSION_TOKEN", req.Headers.Get("X-Amz-Security-Token"))
+		authHeader := req.Headers.Get("Authorization")
+		assert.True(t, strings.HasPrefix(authHeader, "AWS4-HMAC-SHA256 Credential="))
+		assert.Contains(t, authHeader, "Signature=")
+	})
+}

gremlin-go/driver/auth_test.go

@@ -36,7 +36,6 @@ type ClientSettings struct {
 	LogVerbosity      LogVerbosity
 	Logger            Logger
 	Language          language.Tag
-	AuthInfo          AuthInfoProvider
 	TlsConfig         *tls.Config
 	ConnectionTimeout time.Duration
 	EnableCompression bool
@@ -72,7 +71,6 @@ func NewClient(url string, configurations ...func(settings *ClientSettings)) (*C
 		LogVerbosity:             Info,
 		Logger:                   &defaultLogger{},
 		Language:                 language.English,
-		AuthInfo:                 &AuthInfo{},
 		TlsConfig:                &tls.Config{},
 		ConnectionTimeout:        connectionTimeoutDefault,
 		EnableCompression:        false,
@@ -85,7 +83,6 @@ func NewClient(url string, configurations ...func(settings *ClientSettings)) (*C
 	}
 
 	connSettings := &connectionSettings{
-		authInfo:                 settings.AuthInfo,
 		tlsConfig:                settings.TlsConfig,
 		connectionTimeout:        settings.ConnectionTimeout,
 		enableCompression:        settings.EnableCompression,

gremlin-go/driver/client.go

@@ -30,15 +30,13 @@ func TestClient(t *testing.T) {
 	// Integration test variables.
 	testNoAuthUrl := getEnvOrDefaultString("GREMLIN_SERVER_URL", noAuthUrl)
 	testNoAuthEnable := getEnvOrDefaultBool("RUN_INTEGRATION_TESTS", true)
-	testNoAuthAuthInfo := &AuthInfo{}
 	testNoAuthTlsConfig := &tls.Config{}
 
 	t.Run("Test client.SubmitWithOptions()", func(t *testing.T) {
 		skipTestsIfNotEnabled(t, integrationTestSuiteName, testNoAuthEnable)
 		client, err := NewClient(testNoAuthUrl,
 			func(settings *ClientSettings) {
 				settings.TlsConfig = testNoAuthTlsConfig
-				settings.AuthInfo = testNoAuthAuthInfo
 			})
 		assert.NoError(t, err)
 		assert.NotNil(t, client)
@@ -58,7 +56,6 @@ func TestClient(t *testing.T) {
 		client, err := NewClient(testNoAuthUrl,
 			func(settings *ClientSettings) {
 				settings.TlsConfig = testNoAuthTlsConfig
-				settings.AuthInfo = testNoAuthAuthInfo
 			})
 		assert.NoError(t, err)
 		assert.NotNil(t, client)
@@ -74,7 +71,6 @@ func TestClient(t *testing.T) {
 		client, err := NewClient(testNoAuthUrl,
 			func(settings *ClientSettings) {
 				settings.TlsConfig = testNoAuthTlsConfig
-				settings.AuthInfo = testNoAuthAuthInfo
 				settings.TraversalSource = testServerModernGraphAlias
 			})
 		assert.NoError(t, err)
@@ -97,7 +93,6 @@ func TestClient(t *testing.T) {
 		client, err := NewClient(testNoAuthUrl,
 			func(settings *ClientSettings) {
 				settings.TlsConfig = testNoAuthTlsConfig
-				settings.AuthInfo = testNoAuthAuthInfo
 				settings.TraversalSource = testServerModernGraphAlias
 			})
 		assert.NoError(t, err)
@@ -122,7 +117,6 @@ func TestClient(t *testing.T) {
 		client, err := NewClient(testNoAuthUrl,
 			func(settings *ClientSettings) {
 				settings.TlsConfig = testNoAuthTlsConfig
-				settings.AuthInfo = testNoAuthAuthInfo
 				settings.TraversalSource = testServerModernGraphAlias
 			})
 		assert.NoError(t, err)
@@ -147,7 +141,6 @@ func TestClient(t *testing.T) {
 		client, err := NewClient(testNoAuthUrl,
 			func(settings *ClientSettings) {
 				settings.TlsConfig = testNoAuthTlsConfig
-				settings.AuthInfo = testNoAuthAuthInfo
 				settings.TraversalSource = testServerModernGraphAlias
 			})
 
@@ -170,7 +163,6 @@ func TestClient(t *testing.T) {
 		client, err := NewClient(testNoAuthUrl,
 			func(settings *ClientSettings) {
 				settings.TlsConfig = testNoAuthTlsConfig
-				settings.AuthInfo = testNoAuthAuthInfo
 				settings.TraversalSource = testServerCrewGraphAlias
 			})
 

gremlin-go/driver/client_test.go

@@ -25,7 +25,6 @@ import (
 )
 
 type connectionSettings struct {
-	authInfo                 AuthInfoProvider
 	tlsConfig                *tls.Config
 	connectionTimeout        time.Duration
 	enableCompression        bool