Add Static and Environment credentials providers

Author: alextwoods

codegen/aws/core/src/main/java/software/amazon/smithy/python/aws/codegen/AwsAuthIntegration.java

@@ -45,15 +45,15 @@ public List<RuntimeClientPlugin> getClientPlugins(GenerationContext context) {
                                 .name("aws_credentials_identity_resolver")
                                 .documentation("Resolves AWS Credentials. Required for operations that use Sigv4 Auth.")
                                 .type(Symbol.builder()
-                                        .name("IdentityResolver[AWSCredentialIdentity, IdentityProperties]")
+                                        .name("IdentityResolver[AWSCredentialsIdentity, IdentityProperties]")
                                         .addReference(Symbol.builder()
                                                 .addDependency(SmithyPythonDependency.SMITHY_CORE)
                                                 .name("IdentityResolver")
                                                 .namespace("smithy_core.aio.interfaces.identity", ".")
                                                 .build())
                                         .addReference(Symbol.builder()
                                                 .addDependency(AwsPythonDependency.SMITHY_AWS_CORE)
-                                                .name("AWSCredentialIdentity")
+                                                .name("AWSCredentialsIdentity")
                                                 .namespace("smithy_aws_core.identity", ".")
                                                 .build())
                                         .addReference(Symbol.builder()
@@ -154,7 +154,7 @@ public Symbol getAuthOptionGenerator(GenerationContext context) {
         public Symbol getAuthSchemeSymbol(GenerationContext context) {
             return Symbol.builder()
                     .name("SigV4AuthScheme")
-                    .namespace("smithy_aws_core.auth.sigv4", ".")
+                    .namespace("smithy_aws_core.auth", ".")
                     .addDependency(AwsPythonDependency.SMITHY_AWS_CORE)
                     .build();
         }

codegen/core/src/main/java/software/amazon/smithy/python/codegen/ClientGenerator.java

@@ -416,6 +416,7 @@ async def _handle_attempt(
                             for option in auth_options:
                                 if option.scheme_id in config.http_auth_schemes:
                                     auth_option = option
+                                    break
 
                             signer: HTTPSigner[Any, Any] | None = None
                             identity: Identity | None = None

packages/smithy-aws-core/src/smithy_aws_core/auth/__init__.py

@@ -1,2 +1,6 @@
 #  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 #  SPDX-License-Identifier: Apache-2.0
+
+from .sigv4 import SigV4AuthScheme
+
+__all__ = ("SigV4AuthScheme",)

packages/smithy-aws-core/src/smithy_aws_core/auth/sigv4.py

@@ -3,7 +3,7 @@
 from dataclasses import dataclass
 from typing import Protocol
 
-from smithy_aws_core.identity import AWSCredentialIdentity
+from smithy_aws_core.identity import AWSCredentialsIdentity
 from smithy_core.aio.interfaces.identity import IdentityResolver
 from smithy_core.exceptions import SmithyIdentityException
 from smithy_core.interfaces.identity import IdentityProperties
@@ -13,25 +13,26 @@
 
 class SigV4Config(Protocol):
     aws_credentials_identity_resolver: (
-        IdentityResolver[AWSCredentialIdentity, IdentityProperties] | None
+        IdentityResolver[AWSCredentialsIdentity, IdentityProperties] | None
     )
 
 
 @dataclass(init=False)
 class SigV4AuthScheme(
     HTTPAuthScheme[
-        AWSCredentialIdentity, SigV4Config, IdentityProperties, SigV4SigningProperties
+        AWSCredentialsIdentity, SigV4Config, IdentityProperties, SigV4SigningProperties
     ]
 ):
     """SigV4 AuthScheme."""
 
     scheme_id: str
-    signer: HTTPSigner[AWSCredentialIdentity, SigV4SigningProperties]
+    signer: HTTPSigner[AWSCredentialsIdentity, SigV4SigningProperties]
 
     def __init__(
         self,
         *,
-        signer: HTTPSigner[AWSCredentialIdentity, SigV4SigningProperties] | None = None,
+        signer: HTTPSigner[AWSCredentialsIdentity, SigV4SigningProperties]
+        | None = None,
     ) -> None:
         """Constructor.
 
@@ -44,7 +45,7 @@ def __init__(
 
     def identity_resolver(
         self, *, config: SigV4Config
-    ) -> IdentityResolver[AWSCredentialIdentity, IdentityProperties]:
+    ) -> IdentityResolver[AWSCredentialsIdentity, IdentityProperties]:
         if not config.aws_credentials_identity_resolver:
             raise SmithyIdentityException(
                 "Attempted to use SigV4 auth, but aws_credentials_identity_resolver was not "

packages/smithy-aws-core/src/smithy_aws_core/credentials_resolvers/__init__.py

@@ -0,0 +1,6 @@
+#  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#  SPDX-License-Identifier: Apache-2.0
+from .environment_credentials_resolver import EnvironmentCredentialsResolver
+from .static_credentials_resolver import StaticCredentialsResolver
+
+__all__ = ("EnvironmentCredentialsResolver", "StaticCredentialsResolver")

packages/smithy-aws-core/src/smithy_aws_core/credentials_resolvers/environment_credentials_resolver.py

@@ -0,0 +1,34 @@
+#  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#  SPDX-License-Identifier: Apache-2.0
+import os
+
+from smithy_aws_core.identity import AWSCredentialsIdentity
+from smithy_core.aio.interfaces.identity import IdentityResolver
+from smithy_core.exceptions import SmithyIdentityException
+from smithy_core.interfaces.identity import IdentityProperties
+
+
+class EnvironmentCredentialsResolver(
+    IdentityResolver[AWSCredentialsIdentity, IdentityProperties]
+):
+    """Resolves AWS Credentials from system environment variables."""
+
+    async def get_identity(
+        self, *, identity_properties: IdentityProperties
+    ) -> AWSCredentialsIdentity:
+        access_key_id = os.getenv("AWS_ACCESS_KEY_ID")
+        secret_access_key = os.getenv("AWS_SECRET_ACCESS_KEY")
+        session_token = os.getenv("AWS_SESSION_TOKEN")
+        account_id = os.getenv("AWS_ACCOUNT_ID")
+
+        if access_key_id is None or secret_access_key is None:
+            raise SmithyIdentityException(
+                "AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are required"
+            )
+
+        return AWSCredentialsIdentity(
+            access_key_id=access_key_id,
+            secret_access_key=secret_access_key,
+            session_token=session_token,
+            account_id=account_id,
+        )

packages/smithy-aws-core/src/smithy_aws_core/credentials_resolvers/static_credentials_resolver.py

@@ -0,0 +1,19 @@
+#  Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#  SPDX-License-Identifier: Apache-2.0
+from smithy_aws_core.identity import AWSCredentialsIdentity
+from smithy_core.aio.interfaces.identity import IdentityResolver
+from smithy_core.interfaces.identity import IdentityProperties
+
+
+class StaticCredentialsResolver(
+    IdentityResolver[AWSCredentialsIdentity, IdentityProperties]
+):
+    """Resolve Static AWS Credentials."""
+
+    def __init__(self, *, credentials: AWSCredentialsIdentity) -> None:
+        self._credentials = credentials
+
+    async def get_identity(
+        self, *, identity_properties: IdentityProperties
+    ) -> AWSCredentialsIdentity:
+        return self._credentials

packages/smithy-aws-core/src/smithy_aws_core/identity.py

@@ -15,7 +15,7 @@
 from smithy_core.identity import Identity
 
 
-class AWSCredentialIdentity(Identity):
+class AWSCredentialsIdentity(Identity):
     """Container for AWS authentication credentials."""
 
     def __init__(
@@ -25,6 +25,7 @@ def __init__(
         secret_access_key: str,
         session_token: str | None = None,
         expiration: datetime | None = None,
+        account_id: str | None = None,
     ) -> None:
         """Initialize the AWSCredentialIdentity.
 
@@ -35,11 +36,13 @@ def __init__(
             the supplied credentials.
         :param expiration: The expiration time of the identity. If time zone is
             provided, it is updated to UTC. The value must always be in UTC.
+        :param account_id: The AWS account's ID.
         """
         super().__init__(expiration=expiration)
         self._access_key_id: str = access_key_id
         self._secret_access_key: str = secret_access_key
         self._session_token: str | None = session_token
+        self._account_id: str | None = account_id
 
     @property
     def access_key_id(self) -> str:
@@ -52,3 +55,7 @@ def secret_access_key(self) -> str:
     @property
     def session_token(self) -> str | None:
         return self._session_token
+
+    @property
+    def account_id(self) -> str | None:
+        return self._account_id