Unverified Commit 00bc624a authored by Russell Cohen's avatar Russell Cohen Committed by GitHub

Add Support for SSO (#1051)



* Add Support for SSO

This commit adds support for the SSO credential provider, which enables the aws-config to support using SSO when specified in `~/.aws/config`.

* Rename & add test of configuration failure

* Add SSO to the smoke test list

* CR improvements

- Improve error messages
- zeroize token
- add track_caller to improve test failure error messages

* Apply suggestions from code review

Co-authored-by: John DiSanti <jdisanti@amazon.com>

* Update changelogs

Co-authored-by: John DiSanti <jdisanti@amazon.com>
parent 8fe1083f
+3 −3
@@ -104,11 +104,11 @@ jobs:
        toolchain: ${{ env.rust_version }}
        default: true
    - name: Generate doc preview
      # Only generate three of the smallest services since the doc build can be very large. One of these must be
      # STS since aws-config depends on it. STS and Transcribe Streaming and DynamoDB (paginators/waiters) were chosen
      # Only generate three of the smallest services since the doc build can be very large. STS and SSO must be
      # included since aws-config depends on them. Transcribe Streaming and DynamoDB (paginators/waiters) were chosen
      # below to stay small while still representing most features. Combined, they are about ~20MB at time of writing.
      run: |
        ./gradlew -Paws.services=+sts,+transcribestreaming,+dynamodb :aws:sdk:assemble
        ./gradlew -Paws.services=+sts,+sso,+transcribestreaming,+dynamodb :aws:sdk:assemble

        # Copy the Server runtime crate(s) in
        cp -r rust-runtime/aws-smithy-http-server aws/sdk/build/aws-sdk/sdk
+6 −0
@@ -16,3 +16,9 @@ message = "The docs for fluent builders now have easy links to their correspondi
references = ["aws-sdk-rust#348"]
meta = { "breaking" = false, "tada" = true, "bug" = false }
author = "Velfi"

[[aws-sdk-rust]]
message = "Add support for SSO credentials"
references = ["smithy-rs#1051", "aws-sdk-rust#4"]
meta = { "breaking" = false, "tada" = true, "bug" = false }
author = "rcoh"
+7 −0
@@ -17,6 +17,7 @@ default = ["rustls", "rt-tokio"]

[dependencies]
aws-sdk-sts = { path = "../../sdk/build/aws-sdk/sdk/sts", default-features = false }
aws-sdk-sso = { path = "../../sdk/build/aws-sdk/sdk/sso", default-features = false }
aws-smithy-async = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-async" }
aws-smithy-client = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-client" }
aws-smithy-types = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-types" }
@@ -29,6 +30,12 @@ aws-http = { path = "../../sdk/build/aws-sdk/sdk/aws-http" }
aws-smithy-http = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-http" }
aws-smithy-http-tower = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-http-tower" }
aws-smithy-json = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-json" }

# implementation detail of SSO credential caching
ring = "0.16"
hex = "0.4.3"
zeroize = "1"

bytes = "1.1.0"
http = "0.2.4"
tower = { version = "0.4.8" }
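Review bot: In the second hunk, `ring`, `hex` and `zeroize` are added as unconditional dependencies, so every consumer of this crate now builds them (ring ships native code) whether or not an SSO profile is ever used. If the crate's feature layout allows it, consider making them optional behind a feature. The comment `# implementation detail of SSO credential caching` also does not say what each crate is for. Something like `# ring: digest used to derive the cache file name; hex: encodes that digest; zeroize: wipes the token from memory` would help anyone auditing the dependency set. Only the zeroize-token use is stated in the commit message; the ring and hex roles are inferred and should be confirmed before adopting that wording.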
+3 −0
@@ -676,6 +676,9 @@ pub mod credentials {
        make_test!(ecs_assume_role);
        make_test!(ecs_credentials);

        make_test!(sso_assume_role);
        make_test!(sso_no_token_file);

        #[tokio::test]
        async fn profile_name_override() {
            let (_, conf) =
+62 −0
/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0.
 */

use aws_types::os_shim_internal;

#[derive(Debug, Copy, Clone, Eq, PartialEq)]
pub(crate) enum Os {
    Windows,
    NotWindows,
}

impl Os {
    pub fn real() -> Self {
        match std::env::consts::OS {
            "windows" => Os::Windows,
            _ => Os::NotWindows,
        }
    }
}

/// Resolve a home directory given a set of environment variables
pub(crate) fn home_dir(env_var: &os_shim_internal::Env, os: Os) -> Option<String> {
    if let Ok(home) = env_var.get("HOME") {
        tracing::debug!(src = "HOME", "loaded home directory");
        return Some(home);
    }

    if os == Os::Windows {
        if let Ok(home) = env_var.get("USERPROFILE") {
            tracing::debug!(src = "USERPROFILE", "loaded home directory");
            return Some(home);
        }

        let home_drive = env_var.get("HOMEDRIVE");
        let home_path = env_var.get("HOMEPATH");
        tracing::debug!(src = "HOMEDRIVE/HOMEPATH", "loaded home directory");
        if let (Ok(mut drive), Ok(path)) = (home_drive, home_path) {
            drive.push_str(&path);
            return Some(drive);
        }
    }
    None
}

#[cfg(test)]
mod test {
    use super::*;
    use aws_types::os_shim_internal::Env;

    #[test]
    fn homedir_profile_only_windows() {
        // windows specific variables should only be considered when the platform is windows
        let env = Env::from_slice(&[("USERPROFILE", "C:\\Users\\name")]);
        assert_eq!(
            home_dir(&env, Os::Windows),
            Some("C:\\Users\\name".to_string())
        );
        assert_eq!(home_dir(&env, Os::NotWindows), None);
    }
}
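Review bot: In `home_dir`, the `tracing::debug!(src = "HOMEDRIVE/HOMEPATH", "loaded home directory");` call runs before the `if let (Ok(mut drive), Ok(path)) = (home_drive, home_path)` check. On Windows the log therefore claims a home directory was loaded even when one or both variables are unset and the function returns `None`. Move that debug line inside the `if let` body, directly before `drive.push_str(&path);`. This path presumably locates credential and token-cache files (inferred from the commit description), so the trace of which variable supplied it needs to be accurate when diagnosing a wrong-location lookup. Separately, an empty `HOME` is returned as `Some("")`; consider treating an empty value as unset so the fallbacks are still consulted, and add a test for the `HOMEDRIVE`/`HOMEPATH` branch, which the single test here does not exercise.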