Fix `sigv4-s3express` position in `auth_scheme_options` (#3498)

references = ["smithy-rs#3488"]

meta = { "breaking" = false, "tada" = true, "bug" = false }

authors = ["Velfi"]

[[aws-sdk-rust]]

message = "Fix a bug where a `sigv4-s3express` auth scheme was incorrectly positioned at the front of `auth_scheme_options` and was used when no auth schemes were available for an endpoint."

references = ["smithy-rs#3498"]

meta = { "breaking" = false, "bug" = true, "tada" = false }

author = "ysaito1001"

    delegateTo =

        object : ClientCodegenDecorator {

            override val name: String get() = "SigV4AuthDecorator"

            override val order: Byte = 0

            override val order: Byte = ORDER

            private val sigv4a = "sigv4a"

                }

            }

        },

)

) {

    companion object {

        const val ORDER: Byte = 0

    }

}

private class SigV4SigningConfig(

    runtimeConfig: RuntimeConfig,

import software.amazon.smithy.rustsdk.AwsCargoDependency

import software.amazon.smithy.rustsdk.AwsRuntimeType

import software.amazon.smithy.rustsdk.InlineAwsDependency

import software.amazon.smithy.rustsdk.SigV4AuthDecorator

class S3ExpressDecorator : ClientCodegenDecorator {

    override val name: String = "S3ExpressDecorator"

    override val order: Byte = 0

    // This decorator must decorate after SigV4AuthDecorator so that sigv4 appears before sigv4-s3express within auth_scheme_options

    override val order: Byte = (SigV4AuthDecorator.ORDER - 1).toByte()

    private fun sigv4S3Express(runtimeConfig: RuntimeConfig) =

        writable {

use std::time::{Duration, SystemTime};

use aws_config::timeout::TimeoutConfig;

use aws_config::Region;

use aws_sdk_s3::config::endpoint::{EndpointFuture, Params, ResolveEndpoint};

use aws_sdk_s3::config::{Builder, Credentials};

use aws_sdk_s3::presigning::PresigningConfig;

use aws_sdk_s3::primitives::SdkBody;

    capture_request, ReplayEvent, StaticReplayClient,

};

use aws_smithy_runtime::test_util::capture_test_logs::capture_test_logs;

use aws_smithy_types::endpoint::Endpoint;

use http::Uri;

async fn test_client<F>(update_builder: F) -> Client

    assert_eq!(expected_session_token, actual_session_token);

    assert!(req.headers().get("x-amz-s3session-token").is_none());

}

#[tokio::test]

async fn s3_express_auth_flow_should_not_be_reached_with_no_auth_schemes() {

    #[derive(Debug)]

    struct TestResolver {

        url: String,

    }

    impl ResolveEndpoint for TestResolver {

        fn resolve_endpoint(&self, _params: &Params) -> EndpointFuture<'_> {

            EndpointFuture::ready(Ok(Endpoint::builder().url(self.url.clone()).build()))

        }

    }

    let (http_client, request) = capture_request(None);

    let conf = Config::builder()

        .http_client(http_client)

        .region(Region::new("us-west-2"))

        .endpoint_resolver(TestResolver {

            url: "http://127.0.0.1".to_owned(),

        })

        .with_test_defaults()

        .timeout_config(

            TimeoutConfig::builder()

                .operation_attempt_timeout(Duration::from_secs(1))

                .build(),

        )

        .build();

    let client = Client::from_conf(conf);

    // Note that we pass a regular bucket; when the bug was present, it still went through s3 Express auth flow.

    let _ = client.list_objects_v2().bucket("test-bucket").send().await;

    // If s3 Express auth flow were exercised, no request would be received, most likely due to `TimeoutError`.

    let _ = request.expect_request();

}

    val name: String

    /**

     * Enable a deterministic ordering to be applied, with the lowest numbered integrations being applied first

     * Enable a deterministic ordering to be applied

     *

     * Lowest numbered integrations are applied last since they are applied in reverse order of their positions

     * in the list of decorators.

     */

    val order: Byte