feedback and fixes

Author: 0marperez

aws-runtime/aws-config/build.gradle.kts

@@ -71,6 +71,9 @@ kotlin {
 fun awsModelFile(name: String): String =
     rootProject.file("codegen/sdk/aws-models/$name").relativeTo(project.layout.buildDirectory.get().asFile).toString()
 
+fun awsShapeFile(name: String): String =
+    rootProject.file("codegen/sdk/aws-shapes/$name").relativeTo(project.layout.buildDirectory.get().asFile).toString()
+
 val codegen by configurations.getting
 dependencies {
     codegen(project(":codegen:aws-sdk-codegen"))
@@ -189,10 +192,10 @@ smithyBuild {
             )
         }
 
-        // FIXME: Shape from smoke tests fails projection: aws.test#AwsVendorParams (curr smoke tests temporarily removed from model)
         create("signin-credentials-provider") {
             imports = listOf(
                 awsModelFile("sign-in.json"),
+                awsShapeFile("shapes.json"),
             )
 
             val serviceShape = "com.amazonaws.signin#Signin"

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/LoginCredentialsProvider.kt

@@ -32,12 +32,10 @@ import kotlin.coroutines.coroutineContext
  * the directory specified by the `AWS_LOGIN_CACHE_DIRECTORY` environment variable.
  *
  * ```
- * val source = LoginCredentialsProvider(
- *     loginSession = "my-login-session"
- * )
- *
  * // Wrap the provider with a caching provider to cache the credentials until their expiration time
- * val loginProvider = CachedCredentialsProvider(source)
+ * val loginProvider = LoginCredentialsProvider(
+ *      loginSession = "my-login-session"
+ * ).cached()
  * ```
  * It is important that you wrap the provider with [CachedCredentialsProvider] if you are programmatically constructing
  * the provider directly. This prevents your application from accessing the cached access token and requesting new

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/LoginTokenProvider.kt

@@ -144,13 +144,14 @@ public class LoginTokenProvider(
 
     private suspend fun writeToken(refreshed: LoginToken) {
         val cacheKey = getLoginCacheFilename(loginSessionName)
-        val directory = platformProvider.getenv("AWS_LOGIN_IN_CACHE_DIRECTORY") ?: platformProvider.filepath("~", ".aws", "login", "cache")
+        val directory = resolveCacheDir(platformProvider)
         val filepath = normalizePath(platformProvider.filepath(directory, cacheKey), platformProvider)
         val contents = serializeLoginToken(refreshed)
         try {
             platformProvider.writeFile(filepath, contents)
         } catch (ex: Exception) {
             coroutineContext.debug<LoginTokenProvider>(ex) { "failed to write refreshed token back to disk at $filepath" }
+            throw ex
         }
     }
 
@@ -333,13 +334,17 @@ private fun generateDpopProof(
 internal suspend fun readLoginTokenFromCache(cacheKey: String, platformProvider: PlatformProvider): LoginToken {
     val key = getLoginCacheFilename(cacheKey)
     val bytes = with(platformProvider) {
-        val directory = getenv("AWS_LOGIN_IN_CACHE_DIRECTORY") ?: filepath("~", ".aws", "login", "cache")
+        val directory = resolveCacheDir(this)
         val defaultCacheLocation = normalizePath(directory, this)
         readFileOrNull(filepath(defaultCacheLocation, key))
     } ?: throw ProviderConfigurationException("Invalid or missing login session cache. Run `aws login` to initiate a new session")
     return deserializeLoginToken(bytes)
 }
 
+private fun resolveCacheDir(platformProvider: PlatformProvider) =
+    platformProvider.getenv("AWS_LOGIN_IN_CACHE_DIRECTORY")
+        ?: platformProvider.filepath("~", ".aws", "login", "cache")
+
 internal fun getLoginCacheFilename(cacheKey: String): String {
     val sha256HexDigest = cacheKey.trim().encodeToByteArray().sha256().encodeToHex()
     return "$sha256HexDigest.json"

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/profile/ProfileChain.kt

@@ -359,7 +359,7 @@ private fun AwsProfile.leafProvider(config: AwsSharedConfig): LeafProvider {
     return webIdentityTokenCreds()
         .orElse { ssoSessionCreds(config) }
         .orElse(::legacySsoCreds)
-        .orElse { loginSessionCreds() }
+        .orElse(::loginSessionCreds)
         .unwrapOrElse(::processCreds)
         .unwrap()
 }

codegen/sdk/aws-models/sign-in.json

@@ -113,7 +113,26 @@
         "smithy.api#http": {
           "method": "POST",
           "uri": "/v1/token"
-        }
+        },
+        "smithy.test#smokeTests": [
+          {
+            "id": "TokenOperationSmokeTest",
+            "params": {
+              "tokenInput": {
+                "clientId": "aws:signin:::cli/same-device",
+                "grantType": "authorization_code",
+                "code": "test-code",
+                "redirectUri": "https://example.com",
+                "codeVerifier": "test-code-verifier-1234567890abcdefghijklmnop"
+              }
+            },
+            "vendorParamsShape": "aws.test#AwsVendorParams",
+            "vendorParams": {},
+            "expect": {
+              "failure": {}
+            }
+          }
+        ]
       }
     },
     "com.amazonaws.signin#CreateOAuth2TokenRequest": {

codegen/sdk/aws-shapes/shapes.json

@@ -0,0 +1,9 @@
+{
+  "smithy": "2.0",
+  "shapes": {
+    "aws.test#AwsVendorParams": {
+      "type": "structure",
+      "members": {}
+    }
+  }
+}