feedback

0marperez · 0marperez · commit c77546f432a6 · 2025-11-14T15:06:18.000-05:00
diff --git a/aws-runtime/aws-config/api/aws-config.api b/aws-runtime/aws-config/api/aws-config.api
@@ -102,27 +102,17 @@ public final class aws/sdk/kotlin/runtime/auth/credentials/InvalidSsoTokenExcept
 	public synthetic fun <init> (Ljava/lang/String;Ljava/lang/Throwable;ILkotlin/jvm/internal/DefaultConstructorMarker;)V
 }
 
-public final class aws/sdk/kotlin/runtime/auth/credentials/LoginCredentialsProvider : aws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProvider {
+public final class aws/sdk/kotlin/runtime/auth/credentials/LoginCredentialsProvider : aws/smithy/kotlin/runtime/auth/awscredentials/CloseableCredentialsProvider {
 	public fun <init> (Ljava/lang/String;Ljava/lang/String;Laws/smithy/kotlin/runtime/http/engine/HttpClientEngine;Laws/smithy/kotlin/runtime/util/PlatformProvider;Laws/smithy/kotlin/runtime/time/Clock;)V
 	public synthetic fun <init> (Ljava/lang/String;Ljava/lang/String;Laws/smithy/kotlin/runtime/http/engine/HttpClientEngine;Laws/smithy/kotlin/runtime/util/PlatformProvider;Laws/smithy/kotlin/runtime/time/Clock;ILkotlin/jvm/internal/DefaultConstructorMarker;)V
+	public fun close ()V
 	public final fun getHttpClient ()Laws/smithy/kotlin/runtime/http/engine/HttpClientEngine;
 	public final fun getLoginSession ()Ljava/lang/String;
 	public final fun getPlatformProvider ()Laws/smithy/kotlin/runtime/util/PlatformProvider;
 	public final fun getRegion ()Ljava/lang/String;
 	public fun resolve (Laws/smithy/kotlin/runtime/collections/Attributes;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
 }
 
-public final class aws/sdk/kotlin/runtime/auth/credentials/LoginTokenProvider : aws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProvider {
-	public synthetic fun <init> (Ljava/lang/String;Ljava/lang/String;JLaws/smithy/kotlin/runtime/http/engine/HttpClientEngine;Laws/smithy/kotlin/runtime/util/PlatformProvider;Laws/smithy/kotlin/runtime/time/Clock;ILkotlin/jvm/internal/DefaultConstructorMarker;)V
-	public synthetic fun <init> (Ljava/lang/String;Ljava/lang/String;JLaws/smithy/kotlin/runtime/http/engine/HttpClientEngine;Laws/smithy/kotlin/runtime/util/PlatformProvider;Laws/smithy/kotlin/runtime/time/Clock;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
-	public final fun getHttpClient ()Laws/smithy/kotlin/runtime/http/engine/HttpClientEngine;
-	public final fun getLoginSessionName ()Ljava/lang/String;
-	public final fun getPlatformProvider ()Laws/smithy/kotlin/runtime/util/PlatformProvider;
-	public final fun getRefreshBufferWindow-UwyO8pc ()J
-	public final fun getRegion ()Ljava/lang/String;
-	public fun resolve (Laws/smithy/kotlin/runtime/collections/Attributes;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
-}
-
 public final class aws/sdk/kotlin/runtime/auth/credentials/ProcessCredentialsProvider : aws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProvider {
 	public fun <init> (Ljava/lang/String;Laws/smithy/kotlin/runtime/util/PlatformProvider;JJ)V
 	public synthetic fun <init> (Ljava/lang/String;Laws/smithy/kotlin/runtime/util/PlatformProvider;JJILkotlin/jvm/internal/DefaultConstructorMarker;)V
diff --git a/aws-runtime/aws-config/build.gradle.kts b/aws-runtime/aws-config/build.gradle.kts
@@ -71,14 +71,12 @@ kotlin {
 fun awsModelFile(name: String): String =
     rootProject.file("codegen/sdk/aws-models/$name").relativeTo(project.layout.buildDirectory.get().asFile).toString()
 
-fun awsShapeFile(name: String): String =
-    rootProject.file("codegen/sdk/aws-shapes/$name").relativeTo(project.layout.buildDirectory.get().asFile).toString()
-
 val codegen by configurations.getting
 dependencies {
     codegen(project(":codegen:aws-sdk-codegen"))
     codegen(libs.smithy.cli)
     codegen(libs.smithy.model)
+    codegen(libs.smithy.aws.smoke.test.model)
 }
 
 smithyBuild {
@@ -195,7 +193,6 @@ smithyBuild {
         create("signin-credentials-provider") {
             imports = listOf(
                 awsModelFile("sign-in.json"),
-                awsShapeFile("shapes.json"),
             )
 
             val serviceShape = "com.amazonaws.signin#Signin"
diff --git a/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/LoginCredentialsProvider.kt b/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/LoginCredentialsProvider.kt
@@ -5,15 +5,18 @@
 
 package aws.sdk.kotlin.runtime.auth.credentials
 
+import aws.sdk.kotlin.runtime.auth.credentials.internal.signin.SigninClient
 import aws.sdk.kotlin.runtime.http.interceptors.businessmetrics.AwsBusinessMetric
 import aws.sdk.kotlin.runtime.http.interceptors.businessmetrics.withBusinessMetric
+import aws.smithy.kotlin.runtime.auth.awscredentials.CloseableCredentialsProvider
 import aws.smithy.kotlin.runtime.auth.awscredentials.Credentials
 import aws.smithy.kotlin.runtime.auth.awscredentials.CredentialsProvider
 import aws.smithy.kotlin.runtime.collections.Attributes
 import aws.smithy.kotlin.runtime.http.engine.HttpClientEngine
 import aws.smithy.kotlin.runtime.telemetry.logging.logger
 import aws.smithy.kotlin.runtime.time.Clock
 import aws.smithy.kotlin.runtime.util.PlatformProvider
+import kotlinx.coroutines.runBlocking
 import kotlin.coroutines.coroutineContext
 
 /**
@@ -54,7 +57,10 @@ public class LoginCredentialsProvider public constructor(
     public val httpClient: HttpClientEngine? = null,
     public val platformProvider: PlatformProvider = PlatformProvider.System,
     private val clock: Clock = Clock.System,
-) : CredentialsProvider {
+) : CloseableCredentialsProvider {
+    private val cacheDirectory = resolveCacheDir(platformProvider)
+    private val client = runBlocking { signinClient(region, httpClient) }
+
     override suspend fun resolve(attributes: Attributes): Credentials {
         val logger = coroutineContext.logger<LoginCredentialsProvider>()
 
@@ -65,11 +71,26 @@ public class LoginCredentialsProvider public constructor(
                 httpClient = httpClient,
                 platformProvider = platformProvider,
                 clock = clock,
+                cacheDirectory = cacheDirectory,
+                client = client,
             )
 
         logger.trace { "Attempting to load token using token provider for login-session: `$loginSession`" }
         val creds = loginTokenProvider.resolve(attributes)
 
         return creds.withBusinessMetric(AwsBusinessMetric.Credentials.CREDENTIALS_LOGIN)
     }
+
+    override fun close() {
+        client.close()
+    }
 }
+
+internal fun resolveCacheDir(platformProvider: PlatformProvider) =
+    platformProvider.getenv("AWS_LOGIN_IN_CACHE_DIRECTORY") ?: platformProvider.filepath("~", ".aws", "login", "cache")
+
+internal suspend fun signinClient(providedRegion: String? = null, providedHttpClient: HttpClientEngine? = null) =
+    SigninClient.fromEnvironment {
+        region = providedRegion
+        httpClient = providedHttpClient
+    }
diff --git a/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/LoginTokenProvider.kt b/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/LoginTokenProvider.kt
@@ -11,6 +11,7 @@ import aws.sdk.kotlin.runtime.auth.credentials.internal.signin.SigninClient
 import aws.sdk.kotlin.runtime.auth.credentials.internal.signin.createOAuth2Token
 import aws.sdk.kotlin.runtime.auth.credentials.internal.signin.model.AccessDeniedException
 import aws.sdk.kotlin.runtime.auth.credentials.internal.signin.model.OAuth2ErrorCode
+import aws.sdk.kotlin.runtime.auth.credentials.internal.signin.withConfig
 import aws.sdk.kotlin.runtime.config.profile.normalizePath
 import aws.smithy.kotlin.runtime.auth.awscredentials.Credentials
 import aws.smithy.kotlin.runtime.auth.awscredentials.CredentialsProvider
@@ -30,7 +31,6 @@ import aws.smithy.kotlin.runtime.serde.json.jsonStreamWriter
 import aws.smithy.kotlin.runtime.serde.json.nextTokenOf
 import aws.smithy.kotlin.runtime.telemetry.logging.debug
 import aws.smithy.kotlin.runtime.telemetry.logging.error
-import aws.smithy.kotlin.runtime.telemetry.telemetryProvider
 import aws.smithy.kotlin.runtime.text.encoding.decodeBase64Bytes
 import aws.smithy.kotlin.runtime.text.encoding.encodeToHex
 import aws.smithy.kotlin.runtime.time.Clock
@@ -85,13 +85,15 @@ private class DpopInterceptor(private val dpopKeyPem: String) : HttpInterceptor
  * @param platformProvider the platform provider to use
  * @param clock the source of time for the provider
  */
-public class LoginTokenProvider(
-    public val loginSessionName: String,
-    public val region: String? = null,
-    public val refreshBufferWindow: Duration = DEFAULT_SIGNIN_TOKEN_REFRESH_BUFFER_SECONDS.seconds,
-    public val httpClient: HttpClientEngine? = null,
-    public val platformProvider: PlatformProvider = PlatformProvider.System,
-    private val clock: Clock = Clock.System,
+internal class LoginTokenProvider(
+    val loginSessionName: String,
+    val region: String? = null,
+    val refreshBufferWindow: Duration = DEFAULT_SIGNIN_TOKEN_REFRESH_BUFFER_SECONDS.seconds,
+    val httpClient: HttpClientEngine? = null,
+    val platformProvider: PlatformProvider = PlatformProvider.System,
+    val clock: Clock = Clock.System,
+    val cacheDirectory: String,
+    val client: SigninClient,
 ) : CredentialsProvider {
 
     // debounce concurrent requests for a token
@@ -111,7 +113,7 @@ public class LoginTokenProvider(
     }
 
     private suspend fun getToken(attributes: Attributes): LoginToken {
-        val token = readLoginTokenFromCache(loginSessionName, platformProvider)
+        val token = readLoginTokenFromCache(loginSessionName, platformProvider, cacheDirectory)
 
         if (clock.now() < (token.expiresAt - refreshBufferWindow)) {
             coroutineContext.debug<LoginTokenProvider> { "using cached token for login-session: $loginSessionName" }
@@ -144,8 +146,7 @@ public class LoginTokenProvider(
 
     private suspend fun writeToken(refreshed: LoginToken) {
         val cacheKey = getLoginCacheFilename(loginSessionName)
-        val directory = resolveCacheDir(platformProvider)
-        val filepath = normalizePath(platformProvider.filepath(directory, cacheKey), platformProvider)
+        val filepath = normalizePath(platformProvider.filepath(cacheDirectory, cacheKey), platformProvider)
         val contents = serializeLoginToken(refreshed)
         try {
             platformProvider.writeFile(filepath, contents)
@@ -159,12 +160,7 @@ public class LoginTokenProvider(
         throw InvalidLoginTokenException(message ?: "Login token for login-session: $loginSessionName is expired", cause)
 
     private suspend fun refreshToken(oldToken: LoginToken): LoginToken {
-        val telemetry = coroutineContext.telemetryProvider
-
-        SigninClient.fromEnvironment {
-            region = this@LoginTokenProvider.region
-            httpClient = this@LoginTokenProvider.httpClient
-            telemetryProvider = telemetry
+        client.withConfig {
             interceptors += DpopInterceptor(oldToken.dpopKey)
         }.use { client ->
             return try {
@@ -331,20 +327,15 @@ private fun generateDpopProof(
     return "$message.${ base64UrlNoPadding.encode(signature) }"
 }
 
-internal suspend fun readLoginTokenFromCache(cacheKey: String, platformProvider: PlatformProvider): LoginToken {
+internal suspend fun readLoginTokenFromCache(cacheKey: String, platformProvider: PlatformProvider, cacheDirectory: String): LoginToken {
     val key = getLoginCacheFilename(cacheKey)
     val bytes = with(platformProvider) {
-        val directory = resolveCacheDir(this)
-        val defaultCacheLocation = normalizePath(directory, this)
+        val defaultCacheLocation = normalizePath(cacheDirectory, this)
         readFileOrNull(filepath(defaultCacheLocation, key))
     } ?: throw ProviderConfigurationException("Invalid or missing login session cache. Run `aws login` to initiate a new session")
     return deserializeLoginToken(bytes)
 }
 
-private fun resolveCacheDir(platformProvider: PlatformProvider) =
-    platformProvider.getenv("AWS_LOGIN_IN_CACHE_DIRECTORY")
-        ?: platformProvider.filepath("~", ".aws", "login", "cache")
-
 internal fun getLoginCacheFilename(cacheKey: String): String {
     val sha256HexDigest = cacheKey.trim().encodeToByteArray().sha256().encodeToHex()
     return "$sha256HexDigest.json"
diff --git a/aws-runtime/aws-config/common/test/aws/sdk/kotlin/runtime/auth/credentials/LoginTokenProviderTest.kt b/aws-runtime/aws-config/common/test/aws/sdk/kotlin/runtime/auth/credentials/LoginTokenProviderTest.kt
@@ -152,6 +152,8 @@ class LoginTokenProviderTest {
                 httpClient = httpClient,
                 platformProvider = testPlatform,
                 clock = testClock,
+                cacheDirectory = resolveCacheDir(testPlatform),
+                client = signinClient(providedHttpClient = httpClient),
             )
 
             testCase.outcomes.forEach { expectedOutcome ->
diff --git a/codegen/sdk/aws-shapes/shapes.json b/codegen/sdk/aws-shapes/shapes.json

Original file line number	Diff line number	Diff line change
`@@ -152,6 +152,8 @@ class LoginTokenProviderTest {`
`152`	`152`	`httpClient = httpClient,`
`153`	`153`	`platformProvider = testPlatform,`
`154`	`154`	`clock = testClock,`
	`155`	`+ cacheDirectory = resolveCacheDir(testPlatform),`
	`156`	`+ client = signinClient(providedHttpClient = httpClient),`
`155`	`157`	`)`
`156`	`158`
`157`	`159`	`testCase.outcomes.forEach { expectedOutcome ->`