feat: http bearer token auth scheme support (#850)

Author: aajtodd

.changes/05b66c6f-0404-4b56-941a-a35fe64de9f9.json

@@ -0,0 +1,5 @@
+{
+    "id": "05b66c6f-0404-4b56-941a-a35fe64de9f9",
+    "type": "feature",
+    "description": "Add support for writing a file via PlatformProvider"
+}

.changes/5f6f317e-f5ca-4354-af23-e5c9e7d75d03.json

@@ -0,0 +1,5 @@
+{
+    "id": "5f6f317e-f5ca-4354-af23-e5c9e7d75d03",
+    "type": "misc",
+    "description": "Refactor CredentialsProviderChain into generic/re-usable IdentityProviderChain"
+}

.changes/967d3aa7-0921-4feb-a690-16e2f2592904.json

@@ -0,0 +1,5 @@
+{
+    "id": "967d3aa7-0921-4feb-a690-16e2f2592904",
+    "type": "feature",
+    "description": "Add support for bearer token auth schemes"
+}

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/core/RuntimeTypes.kt

@@ -291,6 +291,10 @@ object RuntimeTypes {
             val AnonymousIdentityProvider = symbol("AnonymousIdentityProvider")
             val HttpAuthConfig = symbol("HttpAuthConfig")
             val HttpAuthScheme = symbol("HttpAuthScheme")
+
+            val BearerTokenAuthScheme = symbol("BearerTokenAuthScheme")
+            val BearerTokenProviderConfig = symbol("BearerTokenProviderConfig")
+            val BearerTokenProvider = symbol("BearerTokenProvider")
         }
 
         object HttpAuthAws : RuntimeTypePackage(KotlinDependency.HTTP_AUTH_AWS) {

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/rendering/auth/BearerTokenAuthSchemeIntegration.kt

@@ -0,0 +1,85 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package software.amazon.smithy.kotlin.codegen.rendering.auth
+
+import software.amazon.smithy.codegen.core.Symbol
+import software.amazon.smithy.codegen.core.SymbolReference
+import software.amazon.smithy.kotlin.codegen.KotlinSettings
+import software.amazon.smithy.kotlin.codegen.core.CodegenContext
+import software.amazon.smithy.kotlin.codegen.core.KotlinWriter
+import software.amazon.smithy.kotlin.codegen.core.RuntimeTypes
+import software.amazon.smithy.kotlin.codegen.integration.AuthSchemeHandler
+import software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration
+import software.amazon.smithy.kotlin.codegen.model.buildSymbol
+import software.amazon.smithy.kotlin.codegen.rendering.protocol.ProtocolGenerator
+import software.amazon.smithy.kotlin.codegen.rendering.util.ConfigProperty
+import software.amazon.smithy.kotlin.codegen.rendering.util.ConfigPropertyType
+import software.amazon.smithy.model.Model
+import software.amazon.smithy.model.knowledge.ServiceIndex
+import software.amazon.smithy.model.shapes.OperationShape
+import software.amazon.smithy.model.shapes.ShapeId
+import software.amazon.smithy.model.traits.HttpBearerAuthTrait
+
+/**
+ * Register support for the `smithy.api#HTTPBearerAuth` auth scheme.
+ */
+class BearerTokenAuthSchemeIntegration : KotlinIntegration {
+    // Allow integrations to customize the service config props, later integrations take precedence
+    override val order: Byte = -50
+
+    override fun enabledForService(model: Model, settings: KotlinSettings): Boolean =
+        ServiceIndex.of(model)
+            .getAuthSchemes(settings.service)
+            .containsKey(HttpBearerAuthTrait.ID)
+    override fun authSchemes(ctx: ProtocolGenerator.GenerationContext): List<AuthSchemeHandler> = listOf(BearerTokenAuthSchemeHandler())
+
+    override fun additionalServiceConfigProps(ctx: CodegenContext): List<ConfigProperty> {
+        val bearerTokenProviderProp = ConfigProperty {
+            name = "bearerTokenProvider"
+            symbol = RuntimeTypes.Auth.HttpAuth.BearerTokenProvider
+            baseClass = RuntimeTypes.Auth.HttpAuth.BearerTokenProviderConfig
+            useNestedBuilderBaseClass()
+            documentation = """
+                The token provider to use for authenticating requests when using [${RuntimeTypes.Auth.HttpAuth.BearerTokenAuthScheme.fullName}].
+                NOTE: The caller is responsible for managing the lifetime of the provider when set. The SDK
+                client will not close it when the client is closed.
+            """.trimIndent()
+
+            // FIXME - this isn't necessarily required if a service supports multiple authentication traits...
+            propertyType = ConfigPropertyType.Required()
+        }
+
+        return listOf(bearerTokenProviderProp)
+    }
+}
+
+class BearerTokenAuthSchemeHandler : AuthSchemeHandler {
+    override val authSchemeId: ShapeId = HttpBearerAuthTrait.ID
+
+    override val authSchemeIdSymbol: Symbol = buildSymbol {
+        name = "AuthSchemeId.HttpBearer"
+        val ref = RuntimeTypes.Auth.Identity.AuthSchemeId
+        objectRef = ref
+        namespace = ref.namespace
+        reference(ref, SymbolReference.ContextOption.USE)
+    }
+
+    override fun identityProviderAdapterExpression(writer: KotlinWriter) {
+        writer.write("config.bearerTokenProvider")
+    }
+
+    override fun authSchemeProviderInstantiateAuthOptionExpr(
+        ctx: ProtocolGenerator.GenerationContext,
+        op: OperationShape?,
+        writer: KotlinWriter,
+    ) {
+        writer.write("#T(#T.HttpBearer)", RuntimeTypes.Auth.Identity.AuthSchemeOption, RuntimeTypes.Auth.Identity.AuthSchemeId)
+    }
+
+    override fun instantiateAuthSchemeExpr(ctx: ProtocolGenerator.GenerationContext, writer: KotlinWriter) {
+        writer.write("#T()", RuntimeTypes.Auth.HttpAuth.BearerTokenAuthScheme)
+    }
+}

codegen/smithy-kotlin-codegen/src/main/kotlin/software/amazon/smithy/kotlin/codegen/rendering/protocol/HttpProtocolClientGenerator.kt

@@ -86,6 +86,8 @@ abstract class HttpProtocolClientGenerator(
         // render auth resolver related properties
         writer.write("private val identityProviderConfig = #T(config)", IdentityProviderConfigGenerator.getSymbol(ctx.settings))
 
+        // FIXME - we probably need a way for auth handlers to signal that they are configured (e.g. config properties are not null). Right now this assumes
+        // they are all configured but a service may support multiple auth schemes and a client may not need to configure all of them
         writer.withBlock(
             "private val configuredAuthSchemes = with(config.authSchemes.associateBy(#T::schemeId).toMutableMap()){",
             "}",

codegen/smithy-kotlin-codegen/src/main/resources/META-INF/services/software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration

@@ -5,3 +5,4 @@ software.amazon.smithy.kotlin.codegen.rendering.PaginatorGenerator
 software.amazon.smithy.kotlin.codegen.rendering.waiters.ServiceWaitersGenerator
 software.amazon.smithy.kotlin.codegen.rendering.auth.Sigv4AuthSchemeIntegration
 software.amazon.smithy.kotlin.codegen.rendering.auth.AnonymousAuthSchemeIntegration
+software.amazon.smithy.kotlin.codegen.rendering.auth.BearerTokenAuthSchemeIntegration

gradle.properties

@@ -6,7 +6,7 @@ kotlin.native.ignoreDisabledTargets=true
 kotlin.mpp.enableCompatibilityMetadataVariant=true
 
 # SDK
-sdkVersion=0.18.1-SNAPSHOT
+sdkVersion=0.19.0-SNAPSHOT
 
 # kotlin
 kotlinVersion=1.8.10
@@ -44,4 +44,4 @@ kotlinLoggingVersion=3.0.0
 slf4jVersion=2.0.6
 
 # crt
-crtKotlinVersion=0.6.8
+crtKotlinVersion=0.6.8

runtime/auth/aws-credentials/api/aws-credentials.api

@@ -38,12 +38,9 @@ public abstract interface class aws/smithy/kotlin/runtime/auth/awscredentials/Cr
 	public abstract fun resolve (Laws/smithy/kotlin/runtime/util/Attributes;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
 }
 
-public class aws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProviderChain : aws/smithy/kotlin/runtime/auth/awscredentials/CloseableCredentialsProvider {
+public final class aws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProviderChain : aws/smithy/kotlin/runtime/identity/IdentityProviderChain, aws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProvider {
 	public fun <init> ([Laws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProvider;)V
-	public fun close ()V
-	protected final fun getProviders ()[Laws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProvider;
 	public fun resolve (Laws/smithy/kotlin/runtime/util/Attributes;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
-	public fun toString ()Ljava/lang/String;
 }
 
 public abstract interface class aws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProviderConfig {

runtime/auth/aws-credentials/common/src/aws/smithy/kotlin/runtime/auth/awscredentials/Credentials.kt

@@ -15,6 +15,7 @@ import aws.smithy.kotlin.runtime.util.mutableAttributes
  *
  * For more information see [AWS security credentials](https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html#AccessKeys)
  */
+// FIXME - should probably be an interface
 public data class Credentials(
     val accessKeyId: String,
     val secretAccessKey: String,