fix: correct the addition of signing at the operation level (#271)

Author: kneekey23

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSHttpProtocolCustomizations.kt

@@ -4,7 +4,6 @@ import software.amazon.smithy.aws.swift.codegen.middleware.AWSSigningMiddleware
 import software.amazon.smithy.aws.swift.codegen.middleware.EndpointResolverMiddleware
 import software.amazon.smithy.aws.swift.codegen.middleware.RetryMiddleware
 import software.amazon.smithy.aws.swift.codegen.middleware.UserAgentMiddleware
-import software.amazon.smithy.aws.traits.auth.SigV4Trait
 import software.amazon.smithy.model.node.Node
 import software.amazon.smithy.model.shapes.OperationShape
 import software.amazon.smithy.model.shapes.ServiceShape
@@ -13,14 +12,13 @@ import software.amazon.smithy.swift.codegen.integration.ClientProperty
 import software.amazon.smithy.swift.codegen.integration.DefaultHttpProtocolCustomizations
 import software.amazon.smithy.swift.codegen.integration.OperationMiddlewareRenderable
 import software.amazon.smithy.swift.codegen.integration.ProtocolGenerator
-import software.amazon.smithy.swift.codegen.model.getTrait
 
 abstract class AWSHttpProtocolCustomizations : DefaultHttpProtocolCustomizations() {
-    override fun baseMiddlewares(ctx: ProtocolGenerator.GenerationContext): List<OperationMiddlewareRenderable> {
-        val defaultMiddlewares = super.baseMiddlewares(ctx)
+    override fun baseMiddlewares(ctx: ProtocolGenerator.GenerationContext, op: OperationShape): List<OperationMiddlewareRenderable> {
+        val defaultMiddlewares = super.baseMiddlewares(ctx, op)
         val protocolMiddlewares = mutableListOf(EndpointResolverMiddleware(), RetryMiddleware())
 
-        if (ctx.service.needsSigning) {
+        if (AWSSigningMiddleware.hasSigV4AuthScheme(ctx.model, ctx.service, op)) {
             protocolMiddlewares.add(AWSSigningMiddleware())
         }
 
@@ -35,8 +33,8 @@ abstract class AWSHttpProtocolCustomizations : DefaultHttpProtocolCustomizations
         writer.write("  .withCredentialsProvider(value: config.credentialsProvider)")
         writer.write("  .withRegion(value: config.region)")
         writer.write("  .withHost(value: \"$endpointPrefix.\\(config.region).amazonaws.com\")")
-        if (serviceShape.needsSigning) {
-            val signingName = serviceShape.getTrait<SigV4Trait>()?.name
+        if (AWSSigningMiddleware.hasSigV4AuthScheme(ctx.model, ctx.service, op)) {
+            val signingName = AWSSigningMiddleware.signingServiceName(serviceShape)
             writer.write("  .withSigningName(value: \$S)", signingName)
             writer.write("  .withSigningRegion(value: config.signingRegion)")
         }

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/AWSServiceUtils.kt

@@ -6,10 +6,8 @@
 package software.amazon.smithy.aws.swift.codegen
 
 import software.amazon.smithy.aws.traits.ServiceTrait
-import software.amazon.smithy.aws.traits.auth.SigV4Trait
 import software.amazon.smithy.model.shapes.ServiceShape
 import software.amazon.smithy.swift.codegen.model.expectTrait
-import software.amazon.smithy.swift.codegen.model.hasTrait
 
 /**
  * Get the [sdkId](https://awslabs.github.io/smithy/1.0/spec/aws/aws-core.html#sdkid) from the (AWS) service shape
@@ -30,9 +28,3 @@ val ServiceShape.arnNamespace: String
  */
 val ServiceShape.endpointPrefix: String
     get() = expectTrait<ServiceTrait>().endpointPrefix
-
-/**
- * Determines if the service shape needs sigv4 signing
- */
-val ServiceShape.needsSigning: Boolean
-    get() = hasTrait<SigV4Trait>()

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/awsjson/AWSHttpProtocolJson10Customizations.kt

@@ -4,15 +4,16 @@ import software.amazon.smithy.aws.swift.codegen.AWSHttpProtocolCustomizations
 import software.amazon.smithy.aws.swift.codegen.AWSSwiftDependency
 import software.amazon.smithy.aws.swift.codegen.middleware.AWSXAmzTargetMiddleware
 import software.amazon.smithy.codegen.core.Symbol
+import software.amazon.smithy.model.shapes.OperationShape
 import software.amazon.smithy.protocoltests.traits.HttpRequestTestCase
 import software.amazon.smithy.swift.codegen.SwiftWriter
 import software.amazon.smithy.swift.codegen.integration.OperationMiddlewareRenderable
 import software.amazon.smithy.swift.codegen.integration.ProtocolGenerator.GenerationContext
 
 class AWSHttpProtocolJson10Customizations : AWSHttpProtocolCustomizations() {
 
-    override fun baseMiddlewares(ctx: GenerationContext): List<OperationMiddlewareRenderable> {
-        val defaultMiddlewares = super.baseMiddlewares(ctx)
+    override fun baseMiddlewares(ctx: GenerationContext, op: OperationShape): List<OperationMiddlewareRenderable> {
+        val defaultMiddlewares = super.baseMiddlewares(ctx, op)
         val protocolMiddlewares = listOf<OperationMiddlewareRenderable>(AWSXAmzTargetMiddleware())
         return defaultMiddlewares + protocolMiddlewares
     }

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/awsjson/AWSHttpProtocolJson11Customizations.kt

@@ -4,15 +4,16 @@ import software.amazon.smithy.aws.swift.codegen.AWSHttpProtocolCustomizations
 import software.amazon.smithy.aws.swift.codegen.AWSSwiftDependency
 import software.amazon.smithy.aws.swift.codegen.middleware.AWSXAmzTargetMiddleware
 import software.amazon.smithy.codegen.core.Symbol
+import software.amazon.smithy.model.shapes.OperationShape
 import software.amazon.smithy.protocoltests.traits.HttpRequestTestCase
 import software.amazon.smithy.swift.codegen.SwiftWriter
 import software.amazon.smithy.swift.codegen.integration.OperationMiddlewareRenderable
 import software.amazon.smithy.swift.codegen.integration.ProtocolGenerator
 
 class AWSHttpProtocolJson11Customizations : AWSHttpProtocolCustomizations() {
 
-    override fun baseMiddlewares(ctx: ProtocolGenerator.GenerationContext): List<OperationMiddlewareRenderable> {
-        val defaultMiddlewares = super.baseMiddlewares(ctx)
+    override fun baseMiddlewares(ctx: ProtocolGenerator.GenerationContext, op: OperationShape): List<OperationMiddlewareRenderable> {
+        val defaultMiddlewares = super.baseMiddlewares(ctx, op)
         val protocolMiddlewares = listOf<OperationMiddlewareRenderable>(AWSXAmzTargetMiddleware())
         return defaultMiddlewares + protocolMiddlewares
     }

codegen/smithy-aws-swift-codegen/src/main/kotlin/software/amazon/smithy/aws/swift/codegen/middleware/AWSSigningMiddleware.kt

@@ -1,13 +1,18 @@
 package software.amazon.smithy.aws.swift.codegen.middleware
 
+import software.amazon.smithy.aws.traits.auth.SigV4Trait
 import software.amazon.smithy.aws.traits.auth.UnsignedPayloadTrait
+import software.amazon.smithy.model.Model
+import software.amazon.smithy.model.knowledge.ServiceIndex
 import software.amazon.smithy.model.shapes.OperationShape
 import software.amazon.smithy.model.shapes.ServiceShape
+import software.amazon.smithy.model.traits.OptionalAuthTrait
 import software.amazon.smithy.swift.codegen.SwiftWriter
 import software.amazon.smithy.swift.codegen.integration.MiddlewarePosition
 import software.amazon.smithy.swift.codegen.integration.MiddlewareStep
 import software.amazon.smithy.swift.codegen.integration.OperationMiddlewareRenderable
 import software.amazon.smithy.swift.codegen.integration.ProtocolGenerator
+import software.amazon.smithy.swift.codegen.model.expectTrait
 import software.amazon.smithy.swift.codegen.model.hasTrait
 
 open class AWSSigningMiddleware : OperationMiddlewareRenderable {
@@ -50,4 +55,30 @@ open class AWSSigningMiddleware : OperationMiddlewareRenderable {
         val hasUnsignedPayload = op.hasTrait<UnsignedPayloadTrait>()
         return "unsignedBody: $hasUnsignedPayload"
     }
+
+    companion object {
+        /**
+         * Get the SigV4Trait auth name to sign request for
+         *
+         * @param serviceShape service shape for the API
+         * @return the service name to use in the credential scope to sign for
+         */
+        fun signingServiceName(serviceShape: ServiceShape): String {
+            val sigv4Trait = serviceShape.expectTrait<SigV4Trait>()
+            return sigv4Trait.name
+        }
+
+        /**
+         * Returns if the SigV4Trait is an auth scheme for the service and operation.
+         *
+         * @param model     model definition
+         * @param service   service shape for the API
+         * @param operation operation shape
+         * @return if SigV4Trait is an auth scheme for the operation and service.
+         */
+        fun hasSigV4AuthScheme(model: Model, service: ServiceShape, operation: OperationShape): Boolean {
+            val auth = ServiceIndex.of(model).getEffectiveAuthSchemes(service.id, operation.id)
+            return auth.containsKey(SigV4Trait.ID) && !operation.hasTrait<OptionalAuthTrait>()
+        }
+    }
 }

codegen/smithy-aws-swift-codegen/src/test/kotlin/software/amazon/smithy/aws/swift/codegen/AWSSigningMiddlewareTests.kt

@@ -1,6 +1,8 @@
 package software.amazon.smithy.aws.swift.codegen
 
 import io.kotest.matchers.string.shouldContainOnlyOnce
+import org.junit.jupiter.api.Assertions.assertFalse
+import org.junit.jupiter.api.Assertions.assertTrue
 import org.junit.jupiter.api.Test
 import software.amazon.smithy.aws.swift.codegen.middleware.AWSSigningMiddleware
 import software.amazon.smithy.aws.swift.codegen.restjson.AWSRestJson1ProtocolGenerator
@@ -9,33 +11,54 @@ import software.amazon.smithy.aws.traits.auth.UnsignedPayloadTrait
 import software.amazon.smithy.model.Model
 import software.amazon.smithy.model.shapes.OperationShape
 import software.amazon.smithy.model.shapes.ServiceShape
+import software.amazon.smithy.model.traits.AuthTrait
+import software.amazon.smithy.model.traits.HttpBasicAuthTrait
+import software.amazon.smithy.model.traits.OptionalAuthTrait
 import software.amazon.smithy.swift.codegen.SwiftWriter
 
 class AWSSigningMiddlewareTests {
     @Test
-    fun `needsSigningMiddleware does have SigV4Trait`() {
+    fun `service has SigV4Trait and operation has auth trait`() {
+        val sigV4Trait = SigV4Trait.builder().name("ExampleService").build()
+        val authList = listOf(HttpBasicAuthTrait().toShapeId(), sigV4Trait.toShapeId())
+
         val serviceShape = ServiceShape.builder()
             .id("com.test#Example")
             .version("1.0")
-            .addTrait(SigV4Trait.builder().name("ExampleService").build())
+            .addTrait(sigV4Trait)
+            .build()
+        val operationShape = OperationShape.builder()
+            .id("com.test#ExampleOperation")
+            .addTrait(UnsignedPayloadTrait())
+            .addTrait(AuthTrait(authList))
+            .build()
+        val model = Model.builder()
+            .addShape(serviceShape)
+            .addShape(operationShape)
             .build()
 
-        val result = serviceShape.needsSigning
-
-        assert(result).equals(true)
+        val hasAuthScheme = AWSSigningMiddleware.hasSigV4AuthScheme(model, serviceShape, operationShape)
+        assertTrue(hasAuthScheme)
     }
 
     @Test
-    fun `needsSigningMiddleware does not have SigV4Trait`() {
+    fun `service has SigV4trait but operation does not have auth`() {
         val serviceShape = ServiceShape.builder()
             .id("com.test#Example")
             .version("1.0")
             .addTrait(SigV4Trait.builder().name("ExampleService").build())
             .build()
+        val operationShape = OperationShape.builder()
+            .id("com.test#ExampleOperation")
+            .addTrait(OptionalAuthTrait())
+            .build()
+        val model = Model.builder()
+            .addShape(serviceShape)
+            .addShape(operationShape)
+            .build()
 
-        val result = serviceShape.needsSigning
-
-        assert(result).equals(false)
+        val hasAuthScheme = AWSSigningMiddleware.hasSigV4AuthScheme(model, serviceShape, operationShape)
+        assertFalse(hasAuthScheme)
     }
 
     @Test