Skip to content

Sigv4 AuthScheme + Static/Environment Credentials Providers #406

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Mar 11, 2025
Merged

Sigv4 AuthScheme + Static/Environment Credentials Providers #406

merged 10 commits into from
Mar 11, 2025

Conversation

@alextwoods
Copy link
Contributor

@alextwoods alextwoods commented Mar 5, 2025
edited
Loading

Description of changes:
Adds the Sigv4 AuthScheme to the AWS AuthIntegration and wires up the identity provider/auth params configs.

Generated Examples:

config.py:

@dataclass(init=False)
class Config:
    """Configuration for AmazonBedrockFrontendService."""
     # .... other properties
    aws_credentials_identity_resolver: (
        IdentityResolver[AWSCredentialIdentity, IdentityProperties] | None
    )
    region: str | None

auth.py:

@dataclass
class HTTPAuthParams:
    operation: str
    region: str | None


class HTTPAuthSchemeResolver:
    def resolve_auth_scheme(
        self, auth_parameters: HTTPAuthParams
    ) -> list[HTTPAuthOption]:
        auth_options: list[HTTPAuthOption] = []

        if (option := _generate_sigv4_option(auth_parameters)) is not None:
            auth_options.append(option)

        return auth_options


def _generate_sigv4_option(auth_params: HTTPAuthParams) -> HTTPAuthOption | None:
    return HTTPAuthOption(
        scheme_id="aws.auth#sigv4",
        identity_properties={},
        signer_properties={"service": "bedrock", "region": auth_params.region},
    )

client.py:

auth_parameters: HTTPAuthParams = HTTPAuthParams(
                operation=operation_name,
                region=config.region,
            )

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@alextwoods alextwoods changed the title Sigv4 AuthScheme + wire up codegen Sigv4 AuthScheme + Static/Environment Credentials Providers Mar 5, 2025
@alextwoods alextwoods marked this pull request as ready for review March 6, 2025 19:56
@alextwoods alextwoods requested a review from a team as a code owner March 6, 2025 19:56
jonathan343
jonathan343 reviewed Mar 8, 2025
View reviewed changes
JordonPhillips
JordonPhillips reviewed Mar 10, 2025
View reviewed changes
...gen/aws/core/src/main/java/software/amazon/smithy/python/aws/codegen/AwsAuthIntegration.java
Comment on lines +84 to +85
// This needs to be generated because there's modeled parameters that
// must be accounted for.
Copy link
Contributor

@JordonPhillips JordonPhillips Mar 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tragic

Copy link
Contributor Author

@alextwoods alextwoods Mar 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the alternative would be to add signingService as an auth param. We would then need a way to wire that up during the request. It could be an undocumented config property or have it somewhere else.

JordonPhillips
JordonPhillips requested changes Mar 10, 2025
View reviewed changes
packages/smithy-aws-core/src/smithy_aws_core/auth/sigv4.py Outdated
):
"""SigV4 AuthScheme."""

scheme_id: str
Copy link
Contributor

@JordonPhillips JordonPhillips Mar 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
scheme_id: str
scheme_id: Final = "aws.auth#sigv4"

Well this should also be a ShapeID but that's probably a bit more involved to do just now.

Copy link
Contributor Author

@alextwoods alextwoods Mar 10, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I think we'd need to update the HttpAuthScheme protocol as well for that. I wasn't able to update this to Final without changing the HttpAuthScheme as well, which breaks with Final (since nothing is initialized on it).

For now, I've left the type as str but moved the initialization of it out of __init__

@alextwoods alextwoods merged commit c6fb91e into smithy-lang:develop Mar 11, 2025
2 checks passed
@alextwoods alextwoods deleted the codegen_sigv4_auth branch March 11, 2025 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nateprewitt nateprewitt nateprewitt left review comments

@JordonPhillips JordonPhillips JordonPhillips approved these changes

@jonathan343 jonathan343 jonathan343 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@alextwoods @JordonPhillips @nateprewitt @jonathan343