feat: enable auth resolution via endpoints (#993)

Author: aajtodd

.changes/0be03245-2d3e-4bac-8bea-f893b29b6539.json

@@ -0,0 +1,5 @@
+{
+    "id": "0be03245-2d3e-4bac-8bea-f893b29b6539",
+    "type": "feature",
+    "description": "Enable resolving auth schemes via endpoint resolution"
+}

build.gradle.kts

@@ -15,7 +15,7 @@ buildscript {
         // Add our custom gradle plugin(s) to buildscript classpath (comes from github source)
         classpath("aws.sdk.kotlin:build-plugins") {
             version {
-                require("0.2.8")
+                require("0.2.9")
             }
         }
     }

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/KotlinSettings.kt

@@ -263,16 +263,20 @@ enum class DefaultValueSerializationMode(val value: String) {
  * @param visibility Enum representing the visibility of code-generated classes, objects, interfaces, etc.
  * @param nullabilityCheckMode Enum representing the nullability check mode to use
  * @param defaultValueSerializationMode Enum representing when default values should be serialized
+ * @param enableEndpointAuthProvider flag indicating that endpoint resolution should be enabled as part of resolving
+ * an auth scheme. This is an advanced option that only a select few service clients like S3 and EventBridge require.
  */
 data class ApiSettings(
     val visibility: Visibility = Visibility.PUBLIC,
     val nullabilityCheckMode: CheckMode = CheckMode.CLIENT_CAREFUL,
     val defaultValueSerializationMode: DefaultValueSerializationMode = DefaultValueSerializationMode.WHEN_DIFFERENT,
+    val enableEndpointAuthProvider: Boolean = false,
 ) {
     companion object {
         const val VISIBILITY = "visibility"
         const val NULLABILITY_CHECK_MODE = "nullabilityCheckMode"
         const val DEFAULT_VALUE_SERIALIZATION_MODE = "defaultValueSerializationMode"
+        const val ENABLE_ENDPOINT_AUTH_PROVIDER = "enableEndpointAuthProvider"
 
         fun fromNode(node: Optional<ObjectNode>): ApiSettings = node.map {
             val visibility = node.get()
@@ -290,7 +294,8 @@ data class ApiSettings(
                         DefaultValueSerializationMode.WHEN_DIFFERENT.value,
                     ),
             )
-            ApiSettings(visibility, checkMode, defaultValueSerializationMode)
+            val enableEndpointAuthProvider = node.get().getBooleanMemberOrDefault(ENABLE_ENDPOINT_AUTH_PROVIDER, false)
+            ApiSettings(visibility, checkMode, defaultValueSerializationMode, enableEndpointAuthProvider)
         }.orElse(Default)
 
         /**

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/core/AbstractCodeWriterExt.kt

@@ -150,6 +150,14 @@ inline fun <W : AbstractCodeWriter<W>, reified V> AbstractCodeWriter<W>.getConte
  */
 inline fun <W : AbstractCodeWriter<W>, reified V> AbstractCodeWriter<W>.getContextValue(key: SectionKey<V>): V = getContextValue(key.name)
 
+/**
+ * Convenience function to set context only if there is no value already associated with the given [key]
+ */
+fun <W : AbstractCodeWriter<W>> AbstractCodeWriter<W>.putMissingContext(key: String, value: Any) {
+    if (getContext(key) != null) return
+    putContext(key, value)
+}
+
 typealias InlineCodeWriter = AbstractCodeWriter<*>.() -> Unit
 
 /**

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/core/RuntimeTypes.kt

@@ -35,6 +35,7 @@ object RuntimeTypes {
         object Request : RuntimeTypePackage(KotlinDependency.HTTP, "request") {
             val HttpRequest = symbol("HttpRequest")
             val HttpRequestBuilder = symbol("HttpRequestBuilder")
+            val immutableView = symbol("immutableView")
             val url = symbol("url")
             val headers = symbol("headers")
             val toBuilder = symbol("toBuilder")
@@ -198,11 +199,8 @@ object RuntimeTypes {
             val EndpointProvider = symbol("EndpointProvider")
             val Endpoint = symbol("Endpoint")
             val EndpointProviderException = symbol("EndpointProviderException")
-            val SigningContext = symbol("SigningContext")
             val SigningContextAttributeKey = symbol("SigningContextAttributeKey")
-
-            @get:JvmName("getSigningContextExtMethod")
-            val signingContext = symbol("signingContext")
+            val authOptions = symbol("authOptions")
             object Functions : RuntimeTypePackage(KotlinDependency.SMITHY_CLIENT, "endpoints.functions") {
                 val substring = symbol("substring")
                 val isValidHostLabel = symbol("isValidHostLabel")
@@ -314,7 +312,9 @@ object RuntimeTypes {
         object HttpAuthAws : RuntimeTypePackage(KotlinDependency.HTTP_AUTH_AWS) {
             val AwsHttpSigner = symbol("AwsHttpSigner")
             val SigV4AuthScheme = symbol("SigV4AuthScheme")
-            val sigv4 = symbol("sigv4")
+            val mergeAuthOptions = symbol("mergeAuthOptions")
+            val sigV4 = symbol("sigV4")
+            val sigV4A = symbol("sigV4A")
         }
     }
 

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/rendering/ServiceClientConfigGenerator.kt

@@ -130,7 +130,13 @@ class ServiceClientConfigGenerator(
             .map { it.additionalServiceConfigProps(ctx).byName() }
             .forEach(allPropsByName::putAll)
 
+        writer.pushState()
+        // Service client config is always nested inside the service client interface. Its visibility is taken
+        // from that type. If the interface is `internal` then trying to use `internal` as the visibility on the
+        // nested config class is a compilation error.
+        writer.putContext("visibility", "public")
         super.render(ctx, allPropsByName.values.toList(), writer)
+        writer.popState()
     }
 
     override fun renderBuilderBuildMethod(writer: KotlinWriter) {

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/rendering/auth/AuthSchemeParametersGenerator.kt

@@ -9,18 +9,19 @@ import software.amazon.smithy.codegen.core.Symbol
 import software.amazon.smithy.codegen.core.SymbolProvider
 import software.amazon.smithy.kotlin.codegen.KotlinSettings
 import software.amazon.smithy.kotlin.codegen.core.CodegenContext
+import software.amazon.smithy.kotlin.codegen.core.KotlinWriter
 import software.amazon.smithy.kotlin.codegen.core.clientName
 import software.amazon.smithy.kotlin.codegen.core.withBlock
 import software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration
+import software.amazon.smithy.kotlin.codegen.model.asNullable
 import software.amazon.smithy.kotlin.codegen.model.buildSymbol
+import software.amazon.smithy.kotlin.codegen.rendering.endpoints.EndpointParametersGenerator
 import software.amazon.smithy.kotlin.codegen.rendering.protocol.ProtocolGenerator
 import software.amazon.smithy.kotlin.codegen.rendering.util.AbstractConfigGenerator
 import software.amazon.smithy.kotlin.codegen.rendering.util.ConfigProperty
 import software.amazon.smithy.kotlin.codegen.rendering.util.ConfigPropertyType
 import software.amazon.smithy.model.Model
 
-// FIXME - TBD where parameters are actually sourced from.
-
 /**
  * Generate the input type used for resolving authentication schemes
  */
@@ -32,35 +33,13 @@ class AuthSchemeParametersGenerator : AbstractConfigGenerator() {
             namespace = "${settings.pkg.name}.auth"
             definitionFile = "$name.kt"
         }
-
-        fun getImplementationSymbol(settings: KotlinSettings): Symbol = buildSymbol {
-            val prefix = clientName(settings.sdkId)
-            name = "${prefix}AuthSchemeParametersImpl"
-            namespace = "${settings.pkg.name}.auth"
-            definitionFile = "$name.kt"
-        }
     }
 
-    override val visibility: String = "internal"
-
     fun render(ctx: ProtocolGenerator.GenerationContext) {
         val symbol = getSymbol(ctx.settings)
-        val implSymbol = getImplementationSymbol(ctx.settings)
 
         ctx.delegator.useSymbolWriter(symbol) { writer ->
-            writer.withBlock(
-                "#L interface #T {",
-                "}",
-                ctx.settings.api.visibility,
-                symbol,
-            ) {
-                dokka("The name of the operation currently being invoked.")
-                write("public val operationName: String")
-            }
-        }
-
-        ctx.delegator.useSymbolWriter(implSymbol) { writer ->
-            writer.putContext("configClass.name", implSymbol.name)
+            writer.putContext("configClass.name", symbol.name)
 
             val codegenCtx = object : CodegenContext {
                 override val model: Model = ctx.model
@@ -76,11 +55,77 @@ class AuthSchemeParametersGenerator : AbstractConfigGenerator() {
             ).toBuilder()
                 .apply {
                     propertyType = ConfigPropertyType.Required("operationName is a required auth scheme parameter")
-                    baseClass = symbol
                 }.build()
 
-            val props = listOf(operationName)
+            val endpointParamsProperty = ConfigProperty {
+                name = "endpointParameters"
+                this.symbol = EndpointParametersGenerator.getSymbol(ctx.settings).asNullable()
+                documentation = """
+                    The parameters used for endpoint resolution. The default implementation of this interface 
+                    relies on endpoint metadata to resolve auth scheme candidates.
+                """.trimIndent()
+            }.takeIf { ctx.settings.api.enableEndpointAuthProvider }
+
+            val props = listOfNotNull(operationName, endpointParamsProperty)
             render(codegenCtx, props, writer)
         }
     }
+
+    override fun renderAdditionalMethods(ctx: CodegenContext, props: List<ConfigProperty>, writer: KotlinWriter) {
+        writer.write("")
+        renderToString(ctx, props, writer)
+        writer.write("")
+        renderEquals(ctx, props, writer)
+        writer.write("")
+        renderHashCode(props, writer)
+        writer.write("")
+        renderCopy(ctx, props, writer)
+    }
+
+    private fun renderEquals(ctx: CodegenContext, props: List<ConfigProperty>, writer: KotlinWriter) {
+        writer.withBlock("override fun equals(other: Any?): Boolean {", "}") {
+            write("if (this === other) return true")
+            write("if (other !is #T) return false", getSymbol(ctx.settings))
+            props.forEach { prop ->
+                write("if (this.#1L != other.#1L) return false", prop.propertyName)
+            }
+            write("return true")
+        }
+    }
+    private fun renderToString(ctx: CodegenContext, props: List<ConfigProperty>, writer: KotlinWriter) {
+        writer.withBlock("override fun toString(): String = buildString {", "}") {
+            write("append(\"#L(\")", getSymbol(ctx.settings).name)
+            props.forEachIndexed { idx, prop ->
+                write("""append("#1L=$#1L#2L")""", prop.propertyName, if (idx < props.size - 1) "," else ")")
+            }
+        }
+    }
+
+    private fun renderHashCode(props: List<ConfigProperty>, writer: KotlinWriter) {
+        writer.withBlock("override fun hashCode(): Int {", "}") {
+            if (props.isEmpty()) {
+                write("return this::class.hashCode()")
+                return@withBlock
+            }
+
+            write("var result = #L?.hashCode() ?: 0", props[0].propertyName)
+            props.drop(1).forEach {
+                write("result = 31 * result + (#L?.hashCode() ?: 0)", it.propertyName)
+            }
+            write("return result")
+        }
+    }
+
+    private fun renderCopy(ctx: CodegenContext, props: List<ConfigProperty>, writer: KotlinWriter) {
+        val symbol = getSymbol(ctx.settings)
+        writer.withBlock("#visibility:L fun copy(block: Builder.() -> Unit = {}): #T {", "}", symbol) {
+            withBlock("return Builder().apply {", "}") {
+                props.forEach {
+                    write("#1L = this@#2L.#1L", it.propertyName, symbol.name)
+                }
+                write("block()")
+            }
+            write(".build()")
+        }
+    }
 }

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/rendering/auth/AuthSchemeProviderAdapterGenerator.kt

@@ -11,6 +11,7 @@ import software.amazon.smithy.kotlin.codegen.core.RuntimeTypes
 import software.amazon.smithy.kotlin.codegen.core.clientName
 import software.amazon.smithy.kotlin.codegen.core.withBlock
 import software.amazon.smithy.kotlin.codegen.model.buildSymbol
+import software.amazon.smithy.kotlin.codegen.rendering.endpoints.EndpointResolverAdapterGenerator
 import software.amazon.smithy.kotlin.codegen.rendering.protocol.ProtocolGenerator
 
 /**
@@ -32,10 +33,10 @@ class AuthSchemeProviderAdapterGenerator {
         ctx.delegator.useSymbolWriter(symbol) { writer ->
             writer.dokka("Adapts the service specific auth scheme resolver to the agnostic runtime interface and binds the auth parameters")
             writer.withBlock(
-                "internal class #T(private val delegate: #T): #T {",
+                "internal class #T(private val config: #T.Config): #T {",
                 "}",
                 symbol,
-                AuthSchemeProviderGenerator.getSymbol(ctx.settings),
+                ctx.symbolProvider.toSymbol(ctx.service),
                 RuntimeTypes.HttpClient.Operation.AuthSchemeResolver,
             ) {
                 withBlock(
@@ -44,12 +45,23 @@ class AuthSchemeProviderAdapterGenerator {
                     RuntimeTypes.HttpClient.Operation.SdkHttpRequest,
                     RuntimeTypes.Auth.Identity.AuthOption,
                 ) {
-                    withBlock("val params = #T {", "}", AuthSchemeParametersGenerator.getImplementationSymbol(ctx.settings)) {
+                    withBlock("val params = #T {", "}", AuthSchemeParametersGenerator.getSymbol(ctx.settings)) {
                         addImport(RuntimeTypes.Core.Utils.get)
                         write("operationName = request.context[#T.OperationName]", RuntimeTypes.SmithyClient.SdkClientOption)
+
+                        if (ctx.settings.api.enableEndpointAuthProvider) {
+                            write(
+                                "val resolveEndpointReq = #T(request.context, request.subject.#T(), #T)",
+                                RuntimeTypes.HttpClient.Operation.ResolveEndpointRequest,
+                                RuntimeTypes.Http.Request.immutableView,
+                                RuntimeTypes.Auth.HttpAuth.AnonymousIdentity,
+                            )
+
+                            write("endpointParameters = #T(config, resolveEndpointReq)", EndpointResolverAdapterGenerator.getResolveEndpointParamsFn(ctx.settings))
+                        }
                     }
 
-                    write("return delegate.resolveAuthScheme(params)")
+                    write("return config.authSchemeProvider.resolveAuthScheme(params)")
                 }
             }
         }

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/rendering/auth/AuthSchemeProviderConfigIntegration.kt

@@ -16,13 +16,20 @@ class AuthSchemeProviderConfigIntegration : KotlinIntegration {
     override fun additionalServiceConfigProps(ctx: CodegenContext): List<ConfigProperty> {
         if (ctx.protocolGenerator == null) return super.additionalServiceConfigProps(ctx)
         val defaultProvider = AuthSchemeProviderGenerator.getDefaultSymbol(ctx.settings)
+
         return listOf(
             ConfigProperty {
                 name = "authSchemeProvider"
                 symbol = AuthSchemeProviderGenerator.getSymbol(ctx.settings)
                 documentation = "Configure the provider used to resolve the authentication scheme to use for a particular operation."
                 additionalImports = listOf(defaultProvider)
-                propertyType = ConfigPropertyType.RequiredWithDefault(defaultProvider.name)
+                if (ctx.settings.api.enableEndpointAuthProvider) {
+                    propertyType = ConfigPropertyType.RequiredWithDefault("${defaultProvider.name}(endpointProvider)")
+                } else {
+                    propertyType = ConfigPropertyType.RequiredWithDefault("${defaultProvider.name}()")
+                }
+                // needs to come after endpointProvider
+                order = 100
             },
         )
     }

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/rendering/auth/AuthSchemeProviderGenerator.kt

@@ -12,6 +12,7 @@ import software.amazon.smithy.kotlin.codegen.integration.AuthSchemeHandler
 import software.amazon.smithy.kotlin.codegen.lang.KotlinTypes
 import software.amazon.smithy.kotlin.codegen.model.buildSymbol
 import software.amazon.smithy.kotlin.codegen.model.knowledge.AuthIndex
+import software.amazon.smithy.kotlin.codegen.rendering.endpoints.EndpointProviderGenerator
 import software.amazon.smithy.kotlin.codegen.rendering.protocol.ProtocolGenerator
 import software.amazon.smithy.model.shapes.OperationShape
 
@@ -63,12 +64,12 @@ open class AuthSchemeProviderGenerator {
     }
 
     private fun renderDefaultImpl(ctx: ProtocolGenerator.GenerationContext, writer: KotlinWriter) {
-        // FIXME - probably can't remain an object
         writer.withBlock(
-            "#L object #T : #T {",
+            "#L class #T(private val endpointProvider: #T? = null) : #T {",
             "}",
             ctx.settings.api.visibility,
             getDefaultSymbol(ctx.settings),
+            EndpointProviderGenerator.getSymbol(ctx.settings),
             getSymbol(ctx.settings),
         ) {
             val paramsSymbol = AuthSchemeParametersGenerator.getSymbol(ctx.settings)
@@ -108,9 +109,24 @@ open class AuthSchemeProviderGenerator {
                 paramsSymbol,
                 RuntimeTypes.Auth.Identity.AuthOption,
             ) {
-                withBlock("return operationOverrides.getOrElse(params.operationName) {", "}") {
+                withBlock("val modeledAuthOptions = operationOverrides.getOrElse(params.operationName) {", "}") {
                     write("serviceDefaults")
                 }
+
+                if (ctx.settings.api.enableEndpointAuthProvider) {
+                    write("")
+                    write("val endpointParams = params.endpointParameters")
+                    openBlock("val endpointAuthOptions = if (endpointProvider != null && endpointParams != null) {")
+                        .write("val endpoint = endpointProvider.resolveEndpoint(endpointParams)")
+                        .write("endpoint.#T", RuntimeTypes.SmithyClient.Endpoints.authOptions)
+                        .closeAndOpenBlock("} else {")
+                        .write("emptyList()")
+                        .closeBlock("}")
+                    write("")
+                    write("return #T(modeledAuthOptions, endpointAuthOptions)", RuntimeTypes.Auth.HttpAuthAws.mergeAuthOptions)
+                } else {
+                    write("return modeledAuthOptions")
+                }
             }
 
             // render any helper methods