Merge branch 'main' into v1.5-main-merge

Author: ianbotsf

CHANGELOG.md

@@ -1,5 +1,44 @@
 # Changelog
 
+## [1.4.124] - 07/17/2025
+
+### Features
+* (**cleanroomsml**) This release introduces Parquet result format support for ML Input Channel models in AWS Clean Rooms ML.
+* (**ec2**) AWS Free Tier Version2 Support
+* (**mailmanager**) Allow underscores in the local part of the input of the "Email recipients rewrite" action in rule sets.
+* (**mediaconvert**) This release expands the range of supported audio outputs to include xHE, 192khz FLAC and the deprecation of dual mono for AC3.
+* (**synthetics**) This feature allows AWS Synthetics customers to provide code dependencies using lambda layer while creating a canary
+
+### Documentation
+* (**cloudfront**) Doc only update for CloudFront that fixes some customer-reported issues
+* (**keyspacesstreams**) Doc only update for the Amazon Keyspaces Streams API.
+* (**sfn**) Align input with style guidelines.
+
+## [1.4.123] - 07/16/2025
+
+### Features
+* (**bedrock**) This release adds support for on-demand custom model inference through CustomModelDeployment APIs for Amazon Bedrock.
+* (**bedrockagentcore**) Initial release of Amazon Bedrock AgentCore SDK including Runtime, Built-In Tools, Memory, Gateway and Identity.
+* (**bedrockagentcorecontrol**) Initial release of Amazon Bedrock AgentCore SDK including Runtime, Built-In Tools, Memory, Gateway and Identity.
+* (**bedrockruntime**) document update to support on demand custom model.
+* (**cloudwatchlogs**) CloudWatch Logs updates: Added X-Ray tracing for Amazon Bedrock Agent resources. Logs introduced Log Group level resource policies (managed through Put/Delete/Describe Resource Policy APIs). For more information, see CloudWatch Logs API documentation.
+* (**datasync**) AWS DataSync now supports IPv6 address inputs and outputs in create, update, and describe operations for NFS, SMB, and Object Storage locations
+* (**glue**) AWS Glue now supports schema, partition and sort management of Apache Iceberg tables using Glue SDK
+* (**guardduty**) Add expectedBucketOwner parameter to ThreatIntel and IPSet APIs.
+* (**iotwireless**) FuotaTaskId is not a valid IdentifierType for EventConfiguration and is being removed from possible IdentifierType values.
+* (**mediapackagev2**) This release adds support for CDN Authentication using Static Headers in MediaPackage v2.
+* (**networkflowmonitor**) Introducing 2 new scope status types - DEACTIVATING and DEACTIVATED.
+* (**paymentcryptographydata**) Expand length of message data field for Mac generation and validation to 8192 characters.
+* Add support for Bearer authentication using a token set in an environment variable for Bedrock services
+
+### Documentation
+* (**sfn**) Doc-only update to introduction, and edits to clarify input parameter and the set of control characters.
+
+## [1.4.122] - 07/16/2025
+
+### Features
+* (**ecs**) This release removes hookDetails for the Amazon ECS native blue/green deployments.
+
 ## [1.4.121] - 07/15/2025
 
 ### Features

codegen/aws-sdk-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/EnvironmentBearerTokenCustomization.kt

@@ -0,0 +1,121 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package aws.sdk.kotlin.codegen.customization
+
+import aws.sdk.kotlin.codegen.SdkIdTransform
+import aws.sdk.kotlin.codegen.ServiceClientCompanionObjectWriter
+import aws.sdk.kotlin.codegen.withTransform
+import software.amazon.smithy.kotlin.codegen.KotlinSettings
+import software.amazon.smithy.kotlin.codegen.core.*
+import software.amazon.smithy.kotlin.codegen.integration.AppendingSectionWriter
+import software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration
+import software.amazon.smithy.kotlin.codegen.integration.SectionWriterBinding
+import software.amazon.smithy.kotlin.codegen.model.buildSymbol
+import software.amazon.smithy.kotlin.codegen.model.expectShape
+import software.amazon.smithy.kotlin.codegen.model.hasTrait
+import software.amazon.smithy.kotlin.codegen.model.knowledge.AwsSignatureVersion4
+import software.amazon.smithy.kotlin.codegen.rendering.ServiceClientGenerator
+import software.amazon.smithy.model.Model
+import software.amazon.smithy.model.shapes.ServiceShape
+import software.amazon.smithy.model.traits.HttpBearerAuthTrait
+
+/**
+ * Customization that enables sourcing Bearer tokens from an environment variable
+ *
+ * When a service-specific environment variable for bearer tokens is present (e.g., AWS_BEARER_TOKEN_BEDROCK),
+ * this customization configures the auth scheme resolver to prefer the smithy.api#httpBearerAuth scheme
+ * over other authentication methods. Additionally, it configures a token provider that extracts the bearer token
+ * from the target environment variable.
+ */
+class EnvironmentBearerTokenCustomization : KotlinIntegration {
+    // Currently only services with sigv4 service name 'bedrock' need this customization
+    private val supportedSigningServiceNames = setOf("bedrock")
+
+    override fun enabledForService(model: Model, settings: KotlinSettings): Boolean {
+        val serviceShape = settings.getService(model)
+        if (!AwsSignatureVersion4.isSupportedAuthentication(model, serviceShape)) {
+            return false
+        }
+        if (!serviceShape.hasTrait<HttpBearerAuthTrait>()) {
+            return false
+        }
+
+        return AwsSignatureVersion4.signingServiceName(serviceShape) in supportedSigningServiceNames
+    }
+
+    override fun writeAdditionalFiles(ctx: CodegenContext, delegator: KotlinDelegator) {
+        val serviceShape = ctx.model.expectShape<ServiceShape>(ctx.settings.service)
+        val packageName = ctx.settings.pkg.name
+
+        delegator.useFileWriter(
+            "FinalizeBearerTokenConfig.kt",
+            "$packageName.auth",
+        ) { writer ->
+            renderEnvironmentBearerTokenConfig(
+                writer,
+                ctx,
+                serviceShape,
+            )
+        }
+    }
+
+    private fun renderEnvironmentBearerTokenConfig(
+        writer: KotlinWriter,
+        ctx: CodegenContext,
+        serviceShape: ServiceShape,
+    ) {
+        val serviceSymbol = ctx.symbolProvider.toSymbol(serviceShape)
+        val signingServiceName = AwsSignatureVersion4.signingServiceName(serviceShape)
+        // Transform signing name to environment variable name
+        val envVarSuffix = signingServiceName.withTransform(SdkIdTransform.UpperSnakeCase)
+        val envVarName = "AWS_BEARER_TOKEN_$envVarSuffix"
+        val authSchemeId = RuntimeTypes.Auth.Identity.AuthSchemeId
+
+        writer.withBlock(
+            "internal fun finalizeBearerTokenConfig(builder: #1T.Builder, provider: #2T = #2T.System) {",
+            "}",
+            serviceSymbol,
+            RuntimeTypes.Core.Utils.PlatformProvider,
+        ) {
+            // The customization do nothing if environment variable is not set
+            write("if (provider.getenv(#S) == null) { return }", envVarName)
+
+            // Configure auth scheme preference if customer hasn't specify one
+            write("builder.config.authSchemePreference = builder.config.authSchemePreference ?: listOf(#T.HttpBearer)", authSchemeId)
+
+            // Promote HttpBearer to first position in auth scheme preference list
+            withBlock("val filteredSchemes = builder.config.authSchemePreference?.filterNot {", "} ?: emptyList()") {
+                write("it == #T.HttpBearer", authSchemeId)
+            }
+
+            write("builder.config.authSchemePreference = listOf(#1T.HttpBearer) + filteredSchemes", authSchemeId)
+
+            write(
+                "builder.config.bearerTokenProvider = builder.config.bearerTokenProvider ?: #T(#S, provider)",
+                RuntimeTypes.Auth.HttpAuth.EnvironmentBearerTokenProvider,
+                envVarName,
+            )
+        }
+    }
+
+    override val sectionWriters: List<SectionWriterBinding>
+        get() = listOf(
+            SectionWriterBinding(
+                ServiceClientCompanionObjectWriter.FinalizeEnvironmentalConfig,
+                finalizeEnvironmentBearerTokenConfigWriter,
+            ),
+        )
+
+    private val finalizeEnvironmentBearerTokenConfigWriter = AppendingSectionWriter { writer ->
+        val serviceName = clientName(writer.getContextValue(ServiceClientGenerator.Sections.CompanionObject.SdkId))
+
+        val environmentBearerTokenConfig = buildSymbol {
+            name = "finalizeBearerTokenConfig"
+            namespace = "aws.sdk.kotlin.services.${serviceName.lowercase()}.auth"
+        }
+
+        writer.write("#T(builder)", environmentBearerTokenConfig)
+    }
+}

codegen/aws-sdk-codegen/src/main/resources/META-INF/services/software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration

@@ -50,3 +50,4 @@ aws.sdk.kotlin.codegen.smoketests.testing.SmokeTestSuccessHttpEngineIntegration
 aws.sdk.kotlin.codegen.smoketests.testing.SmokeTestFailHttpEngineIntegration
 aws.sdk.kotlin.codegen.customization.AwsQueryModeCustomization
 aws.sdk.kotlin.codegen.ModuleDocumentationIntegration
+aws.sdk.kotlin.codegen.customization.EnvironmentBearerTokenCustomization

codegen/aws-sdk-codegen/src/main/resources/aws/sdk/kotlin/codegen/endpoints.json

@@ -13860,6 +13860,7 @@
         "endpoints" : {
           "af-south-1" : { },
           "ap-east-1" : { },
+          "ap-east-2" : { },
           "ap-northeast-1" : { },
           "ap-northeast-2" : { },
           "ap-northeast-3" : { },
@@ -21427,7 +21428,9 @@
           "ap-southeast-2" : { },
           "ap-southeast-3" : { },
           "ap-southeast-4" : { },
+          "ap-southeast-5" : { },
           "ca-central-1" : { },
+          "ca-west-1" : { },
           "eu-central-1" : { },
           "eu-central-2" : { },
           "eu-north-1" : { },

codegen/aws-sdk-codegen/src/test/kotlin/aws/sdk/kotlin/codegen/customization/EnvironmentBearerTokenCustomizationTest.kt

@@ -0,0 +1,117 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package aws.sdk.kotlin.codegen.customization
+
+import software.amazon.smithy.kotlin.codegen.test.*
+import kotlin.test.Test
+import kotlin.test.assertFalse
+import kotlin.test.assertTrue
+
+class EnvironmentBearerTokenCustomizationTest {
+    @Test
+    fun `test customization enabled for bedrock sigv4 signing name`() {
+        val bedrockModel = """
+            namespace com.test
+            use aws.auth#sigv4
+            use aws.api#service
+            use smithy.api#httpBearerAuth
+            
+            @sigv4(name: "bedrock")
+            @httpBearerAuth
+            @service(sdkId: "Bedrock")
+            service Bedrock {
+                version: "1.0.0"
+            }
+        """.trimIndent().toSmithyModel()
+
+        assertTrue {
+            EnvironmentBearerTokenCustomization()
+                .enabledForService(bedrockModel, bedrockModel.defaultSettings())
+        }
+    }
+
+    fun `test customization enabled for bedrock sigv4 signing name with different sdkId`() {
+        val bedrockRuntimeModel = """
+            namespace com.test
+            use aws.auth#sigv4
+            use aws.api#service
+            use smithy.api#httpBearerAuth
+            
+            @sigv4(name: "bedrock")
+            @httpBearerAuth
+            @service(sdkId: "Bedrock Runtime")
+            service BedrockRuntime {
+                version: "1.0.0"
+            }
+        """.trimIndent().toSmithyModel()
+
+        assertTrue {
+            EnvironmentBearerTokenCustomization()
+                .enabledForService(bedrockRuntimeModel, bedrockRuntimeModel.defaultSettings())
+        }
+    }
+
+    @Test
+    fun `test customization not enabled for non-bedrock sigv4 signing name`() {
+        val nonBedrockModel = """
+            namespace com.test
+            use aws.auth#sigv4
+            use aws.api#service
+            use smithy.api#httpBearerAuth
+            
+            @sigv4(name: "s3")
+            @httpBearerAuth
+            @service(sdkId: "S3")
+            service S3 {
+                version: "1.0.0"
+            }
+        """.trimIndent().toSmithyModel()
+
+        assertFalse {
+            EnvironmentBearerTokenCustomization()
+                .enabledForService(nonBedrockModel, nonBedrockModel.defaultSettings())
+        }
+    }
+
+    @Test
+    fun `test customization not enabled for model without sigv4 trait`() {
+        val noSigV4Model = """
+            namespace com.test
+            use aws.api#service
+            use smithy.api#httpBearerAuth
+            
+            @service(sdkId: "NoSigV4")
+            @httpBearerAuth
+            service NoSigV4 {
+                version: "1.0.0"
+            }
+        """.trimIndent().toSmithyModel()
+
+        assertFalse {
+            EnvironmentBearerTokenCustomization()
+                .enabledForService(noSigV4Model, noSigV4Model.defaultSettings())
+        }
+    }
+
+    @Test
+    fun `test customization not enabled for model without bearer auth trait`() {
+        val noBearerAuthModel = """
+            namespace com.test
+            use aws.auth#sigv4
+            use aws.api#service
+    
+            @sigv4(name: "bedrock")
+            @service(sdkId: "BedrockNoBearerAuth")
+            service BedrockNoBearerAuth {
+                version: "1.0.0"
+            }
+        """.trimIndent().toSmithyModel()
+
+        assertFalse {
+            EnvironmentBearerTokenCustomization()
+                .enabledForService(noBearerAuthModel, noBearerAuthModel.defaultSettings())
+        }
+    }
+}