Support --aws-profile option for AWS auth.

Author: franco2002lu

cli/build.gradle.kts

@@ -8,6 +8,7 @@ dependencies {
     implementation(libs.picocli)
     annotationProcessor(libs.picocli.codegen)
 
+    implementation(libs.aws.sdk.auth)
     implementation(libs.smithy.aws.traits)
     implementation(libs.smithy.waiters)
 
@@ -22,6 +23,7 @@ dependencies {
     implementation(project(":client:client-http"))
     implementation(project(":aws:client:aws-client-core"))
     implementation(project(":aws:aws-sigv4"))
+    implementation(project(":aws:sdkv2:aws-sdkv2-auth"))
 
     testImplementation(platform(libs.junit.bom))
     testImplementation(libs.junit.jupiter.api)

cli/src/main/java/software/amazon/smithy/java/cli/SmithyCall.java

@@ -24,6 +24,7 @@
 import picocli.CommandLine.Command;
 import picocli.CommandLine.Option;
 import picocli.CommandLine.ArgGroup;
+import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
 import software.amazon.smithy.aws.traits.ServiceTrait;
 import software.amazon.smithy.aws.traits.auth.SigV4Trait;
 import software.amazon.smithy.java.aws.client.auth.scheme.sigv4.SigV4AuthScheme;
@@ -32,6 +33,7 @@
 import software.amazon.smithy.java.aws.client.core.settings.RegionSetting;
 import software.amazon.smithy.java.aws.client.restjson.RestJsonClientProtocol;
 import software.amazon.smithy.java.aws.client.restxml.RestXmlClientProtocol;
+import software.amazon.smithy.java.aws.sdkv2.auth.SdkCredentialsResolver;
 import software.amazon.smithy.java.client.core.auth.scheme.AuthSchemeResolver;
 import software.amazon.smithy.java.client.core.endpoint.EndpointResolver;
 import software.amazon.smithy.java.client.rpcv2.RpcV2CborProtocol;
@@ -95,6 +97,9 @@ static class Authentication {
 
         @Option(names = { "--aws-region" }, description = "AWS region for SigV4 authentication")
         private String awsRegion;
+
+        @Option(names = { "--aws-profile", "--profile"}, description = "AWS profile to use for authentication")
+        private String awsProfile;
     }
 
     @Override
@@ -272,8 +277,15 @@ private void configureAuth(DynamicClient.Builder builder, ShapeId serviceInput,
                     LOGGER.fine("Configuring SigV4 authentication with service signing name detected in model: " + signingName);
                     builder.putConfig(RegionSetting.REGION, auth.awsRegion)
                             .putSupportedAuthSchemes(new SigV4AuthScheme(signingName))
-                            .authSchemeResolver(AuthSchemeResolver.DEFAULT)
-                            .addIdentityResolver(new EnvironmentVariableIdentityResolver());
+                            .authSchemeResolver(AuthSchemeResolver.DEFAULT);
+
+                    if (auth.awsProfile != null) {
+                        var profileBuilder = ProfileCredentialsProvider.builder()
+                                .profileName(auth.awsProfile);
+                        builder.addIdentityResolver(new SdkCredentialsResolver(profileBuilder.build()));
+                    } else {
+                        builder.addIdentityResolver(new EnvironmentVariableIdentityResolver());
+                    }
                     break;
                 case "none":
                     builder.authSchemeResolver(AuthSchemeResolver.NO_AUTH);

cli/src/test/java/software/amazon/smithy/java/cli/SmithyCallTest.java

@@ -30,6 +30,7 @@ class SmithyCallTest {
     private final PrintStream originalErr = System.err;
     private static HttpServer MOCK_SERVER;
     private static int PORT;
+    private static volatile String lastAuthorizationHeader;
 
     private final ByteArrayOutputStream outContent = new ByteArrayOutputStream();
     private final ByteArrayOutputStream errContent = new ByteArrayOutputStream();
@@ -46,6 +47,9 @@ static void setUpServer() throws IOException {
         MOCK_SERVER.setExecutor(Executors.newFixedThreadPool(1));
 
         MOCK_SERVER.createContext("/", exchange -> {
+            // Capture Authorization header for tests that need it
+            lastAuthorizationHeader = exchange.getRequestHeaders().getFirst("Authorization");
+
             String requestBody;
             try (InputStream is = exchange.getRequestBody()) {
                 requestBody = new String(is.readAllBytes(), StandardCharsets.UTF_8);
@@ -92,6 +96,7 @@ static void tearDownServer() {
 
     @BeforeEach
     void setUp() {
+        lastAuthorizationHeader = null;  // Reset captured header for each test
         commandLine = new CommandLine(new SmithyCall())
             .setCaseInsensitiveEnumValuesAllowed(true);
         System.setOut(new PrintStream(outContent));
@@ -346,6 +351,82 @@ void testWithNoAWSRegion() {
         assertTrue(error.contains("SigV4 auth requires --aws-region to be set."));
     }
 
+    @Test
+    void testWithAWSProfileOption() throws IOException {
+        // Create temporary AWS credentials file with test profile
+        Path awsDir = tempDir.resolve(".aws");
+        Files.createDirectories(awsDir);
+        Path credentialsFile = awsDir.resolve("credentials");
+        String credentialsContent = """
+            [test-profile]
+            aws_access_key_id = AKIAIOSFODNN7EXAMPLE
+            aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+            """;
+        Files.writeString(credentialsFile, credentialsContent);
+
+        // Point AWS SDK to our temporary credentials file
+        String originalCredentialsFile = System.getProperty("aws.sharedCredentialsFile");
+        System.setProperty("aws.sharedCredentialsFile", credentialsFile.toString());
+
+        try {
+            Path modelFile = tempDir.resolve("sprockets-sigv4.smithy");
+            String modelContent = """
+                $version: "2"
+                namespace smithy.example
+
+                use aws.auth#sigv4
+
+                @aws.protocols#awsJson1_0
+                @sigv4(name: "execute-api")
+                service Sprockets {
+                    operations: [CreateSprocket]
+                }
+
+                operation CreateSprocket {
+                    input := {}
+                    output := {
+                        id: String
+                    }
+                }
+                """;
+            Files.writeString(modelFile, modelContent);
+
+            String[] args = {
+                    "smithy.example#Sprockets",
+                    "CreateSprocket",
+                    "--model-path", tempDir.toString(),
+                    "--url", "http://localhost:" + PORT,
+                    "--auth", "sigv4",
+                    "--aws-region", "us-west-2",
+                    "--aws-profile", "test-profile",
+                    "--protocol", "aws_json",
+                    "--input-json", "{}"
+            };
+
+            int exitCode = commandLine.execute(args);
+
+            String stdErr = errContent.toString();
+            String stdOut = outContent.toString();
+
+            // Verify that the request was signed with SigV4 using profile credentials
+            assertTrue(lastAuthorizationHeader != null && lastAuthorizationHeader.startsWith("AWS4-HMAC-SHA256"),
+                "Authorization header with AWS4-HMAC-SHA256 signature should be present when using --aws-profile. " +
+                "Captured header: " + lastAuthorizationHeader + ", Exit code: " + exitCode +
+                ", stderr: " + stdErr + ", stdout: " + stdOut);
+
+            assertEquals(0, exitCode, "Command should succeed. stderr: " + stdErr);
+            String output = stdOut.trim();
+            assertTrue(output.contains("sprocket-123"));
+        } finally {
+            // Restore original system property
+            if (originalCredentialsFile != null) {
+                System.setProperty("aws.sharedCredentialsFile", originalCredentialsFile);
+            } else {
+                System.clearProperty("aws.sharedCredentialsFile");
+            }
+        }
+    }
+
     @Test
     void testWithUnknownTraits() {
         Path modelFile = tempDir.resolve("sprockets-unknown-traits.smithy");