chore: add support for SESv2 Sigv4a (not yet used because SESv2 hasn't rolled out support)

ianbotsf · ianbotsf · commit 1ae8ec8c0e3c · 2024-10-25T17:46:14.000Z
diff --git a/codegen/aws-sdk-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/SigV4AsymmetricTraitCustomization.kt b/codegen/aws-sdk-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/SigV4AsymmetricTraitCustomization.kt
@@ -26,7 +26,7 @@ class SigV4AsymmetricTraitCustomization : KotlinIntegration {
     override val order: Byte = -60
 
     // services which support SigV4A but don't model it
-    private val unmodeledSigV4aServices = listOf("s3", "eventbridge")
+    private val unmodeledSigV4aServices = listOf("s3", "eventbridge", "sesv2")
 
     override fun enabledForService(model: Model, settings: KotlinSettings): Boolean =
         unmodeledSigV4aServices.contains(settings.sdkId.lowercase()) && !model.isTraitApplied(SigV4ATrait::class.java)
diff --git a/services/build.gradle.kts b/services/build.gradle.kts
@@ -96,6 +96,12 @@ subprojects {
                             }
                         }
 
+                        if (project.name == "sesv2") {
+                            dependencies {
+                                implementation(libs.smithy.kotlin.aws.signing.crt) // needed for E2E test of SigV4a
+                            }
+                        }
+
                         // Run the tests with the classpath containing the compile dependencies (including 'main'),
                         // runtime dependencies, and the outputs of this compilation:
                         classpath = compileDependencyFiles + runtimeDependencyFiles + output.allOutputs
diff --git a/services/sesv2/e2eTest/src/Sigv4aTest.kt b/services/sesv2/e2eTest/src/Sigv4aTest.kt
@@ -0,0 +1,64 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import aws.sdk.kotlin.services.sesv2.SesV2Client
+import aws.sdk.kotlin.services.sesv2.sendEmail
+import aws.smithy.kotlin.runtime.auth.awssigning.crt.CrtAwsSigner
+import aws.smithy.kotlin.runtime.client.ProtocolRequestInterceptorContext
+import aws.smithy.kotlin.runtime.http.HttpException
+import aws.smithy.kotlin.runtime.http.auth.SigV4AsymmetricAuthScheme
+import aws.smithy.kotlin.runtime.http.interceptors.HttpInterceptor
+import aws.smithy.kotlin.runtime.http.request.HttpRequest
+import kotlinx.coroutines.runBlocking
+import kotlin.test.Ignore
+import kotlin.test.Test
+import kotlin.test.assertContains
+import kotlin.test.assertEquals
+import kotlin.test.assertFailsWith
+import kotlin.test.assertNotNull
+
+class Sigv4aTest {
+    @Test
+    @Ignore // TODO enable once SESv2 model adds endpointId and Sigv4a
+
+    fun testSigv4a() = runBlocking {
+        val interceptor = RequestCapturingInterceptor()
+
+        SesV2Client.fromEnvironment {
+            retryStrategy {
+                maxAttempts = 1 // The call is intended to fail, no sense trying more than once
+            }
+
+            interceptors += interceptor
+
+            authSchemes = listOf(SigV4AsymmetricAuthScheme(CrtAwsSigner, "ses"))
+        }.use { ses ->
+            assertFailsWith<HttpException> {
+                ses.sendEmail {
+                    // endpointId = "bdm3x3zl.n5x" // TODO uncomment
+                }
+            }
+        }
+
+        assertEquals(1, interceptor.requests.size)
+        val request = interceptor.requests.single()
+
+        assertContains("bdm3x3zl.n5x.endpoints.email.amazonaws.com", request.url.host.toString()) // Correct endpoint?
+
+        val authHeader = assertNotNull(
+            request.headers["Authorization"],
+            "Missing Authorization header, found: ${request.headers.entries().map { it.key }}",
+        )
+        assertContains(authHeader, "AWS4-ECDSA-P256-SHA256") // Verify that request was signed with Sigv4a
+    }
+}
+
+private class RequestCapturingInterceptor : HttpInterceptor {
+    val requests = mutableListOf<HttpRequest>()
+
+    override fun readBeforeTransmit(context: ProtocolRequestInterceptorContext<Any, HttpRequest>) {
+        requests += context.protocolRequest
+    }
+}
diff --git a/services/sesv2/package.json b/services/sesv2/package.json
@@ -0,0 +1,4 @@
+{
+  "sdkId": "SESv2",
+  "enableEndpointAuthProvider": true
+}

Original file line number	Diff line number	Diff line change
`@@ -96,6 +96,12 @@ subprojects {`
`96`	`96`	`}`
`97`	`97`	`}`
`98`	`98`
	`99`	`+ if (project.name == "sesv2") {`
	`100`	`+ dependencies {`
	`101`	`+ implementation(libs.smithy.kotlin.aws.signing.crt) // needed for E2E test of SigV4a`
	`102`	`+ }`
	`103`	`+ }`
	`104`	`+`
`99`	`105`	`// Run the tests with the classpath containing the compile dependencies (including 'main'),`
`100`	`106`	`// runtime dependencies, and the outputs of this compilation:`
`101`	`107`	`classpath = compileDependencyFiles + runtimeDependencyFiles + output.allOutputs`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +{
 +  "sdkId": "SESv2",
 +  "enableEndpointAuthProvider": true
 +}