private/model/api: Backfill authtype, STS and Cognito Identity (#293)

Backfills the authtype=none modeled trait for STS and Cognito Identity
services. This removes the in code customization for these two services'
APIs that should not be signed.

If the service API models are updated this customization to the code
generation can be removed.

V2 SDK port of: aws/aws-sdk-go#2477

Author: jasdel

private/model/api/customization_passes.go

@@ -3,7 +3,9 @@
 package api
 
 import (
+	"fmt"
 	"io/ioutil"
+	"os"
 	"path/filepath"
 	"strings"
 )
@@ -50,6 +52,19 @@ func (a *API) customizationPasses() {
 		// MTurk smoke test is invalid. The service requires AWS account to be
 		// linked to Amazon Mechanical Turk Account.
 		"mturk": supressSmokeTest,
+
+		// Backfill the authentication type for cognito identity and sts.
+		// Removes the need for the customizations in these services.
+		"cognitoidentity": backfillAuthType("none",
+			"GetId",
+			"GetOpenIdToken",
+			"UnlinkIdentity",
+			"GetCredentialsForIdentity",
+		),
+		"sts": backfillAuthType("none",
+			"AssumeRoleWithSAML",
+			"AssumeRoleWithWebIdentity",
+		),
 	}
 
 	for k := range mergeServices {
@@ -211,3 +226,19 @@ func rdsCustomizations(a *API) {
 		}
 	}
 }
+func backfillAuthType(typ string, opNames ...string) func(*API) {
+	return func(a *API) {
+		for _, opName := range opNames {
+			op, ok := a.Operations[opName]
+			if !ok {
+				panic("unable to backfill auth-type for unknown operation " + opName)
+			}
+			if v := op.AuthType; len(v) != 0 {
+				fmt.Fprintf(os.Stderr, "unable to backfill auth-type for %s, already set, %s", opName, v)
+				continue
+			}
+
+			op.AuthType = typ
+		}
+	}
+}

service/cognitoidentity/api.go

@@ -1,3 +1,5 @@
+// +build go1.8
+
 package cognitoidentity_test
 
 import (
@@ -10,47 +12,68 @@ import (
 
 var svc = cognitoidentity.New(unit.Config())
 
-func TestUnsignedRequest_GetID(t *testing.T) {
-	req := svc.GetIdRequest(&cognitoidentity.GetIdInput{
-		IdentityPoolId: aws.String("IdentityPoolId"),
-	})
-
-	err := req.Sign()
-	if err != nil {
-		t.Errorf("expected no error, but received %v", err)
-	}
-
-	if e, a := "", req.HTTPRequest.Header.Get("Authorization"); e != a {
-		t.Errorf("expected empty value '%v', but received, %v", e, a)
-	}
-}
-
-func TestUnsignedRequest_GetOpenIDToken(t *testing.T) {
-	req := svc.GetOpenIdTokenRequest(&cognitoidentity.GetOpenIdTokenInput{
-		IdentityId: aws.String("IdentityId"),
-	})
-
-	err := req.Sign()
-	if err != nil {
-		t.Errorf("expected no error, but received %v", err)
+func TestUnsignedRequests(t *testing.T) {
+	type reqSigner interface {
+		Sign() error
 	}
 
-	if e, a := "", req.HTTPRequest.Header.Get("Authorization"); e != a {
-		t.Errorf("expected empty value '%v', but received, %v", e, a)
+	cases := map[string]struct {
+		ReqFn func() reqSigner
+	}{
+		"GetId": {
+			ReqFn: func() reqSigner {
+				req := svc.GetIdRequest(&cognitoidentity.GetIdInput{
+					IdentityPoolId: aws.String("IdentityPoolId"),
+				})
+				return req
+			},
+		},
+		"GetOpenIdToken": {
+			ReqFn: func() reqSigner {
+				req := svc.GetOpenIdTokenRequest(&cognitoidentity.GetOpenIdTokenInput{
+					IdentityId: aws.String("IdentityId"),
+				})
+				return req
+			},
+		},
+		"UnlinkIdentity": {
+			ReqFn: func() reqSigner {
+				req := svc.UnlinkIdentityRequest(&cognitoidentity.UnlinkIdentityInput{
+					IdentityId:     aws.String("IdentityId"),
+					Logins:         map[string]string{},
+					LoginsToRemove: []string{},
+				})
+				return req
+			},
+		},
+		"GetCredentialsForIdentity": {
+			ReqFn: func() reqSigner {
+				req := svc.GetCredentialsForIdentityRequest(&cognitoidentity.GetCredentialsForIdentityInput{
+					IdentityId: aws.String("IdentityId"),
+				})
+				return req
+			},
+		},
 	}
-}
 
-func TestUnsignedRequest_GetCredentialsForIdentity(t *testing.T) {
-	req := svc.GetCredentialsForIdentityRequest(&cognitoidentity.GetCredentialsForIdentityInput{
-		IdentityId: aws.String("IdentityId"),
-	})
+	for cn, c := range cases {
+		t.Run(cn, func(t *testing.T) {
+			req := c.ReqFn()
+			err := req.Sign()
+			if err != nil {
+				t.Errorf("expected no error, but received %v", err)
+			}
 
-	err := req.Sign()
-	if err != nil {
-		t.Errorf("expected no error, but received %v", err)
-	}
+			switch tv := req.(type) {
+			case cognitoidentity.GetIdRequest:
+				if e, a := aws.AnonymousCredentials, tv.Config.Credentials; e != a {
+					t.Errorf("expect request to use anonymous credentias, %v", a)
+				}
+				if e, a := "", tv.HTTPRequest.Header.Get("Authorization"); e != a {
+					t.Errorf("expected empty value '%v', but received, %v", e, a)
+				}
+			}
 
-	if e, a := "", req.HTTPRequest.Header.Get("Authorization"); e != a {
-		t.Errorf("expected empty value '%v', but received, %v", e, a)
+		})
 	}
 }