Unverified Commit 66490981 authored by ysaito1001's avatar ysaito1001 Committed by GitHub

Support selectable auth schemes (#4203)

~**semver-hazards check failure will be resolved when #4211 is released
from `aws-sdk-rust`**~

## Description
Add support for auth scheme preference, which allows customers to
re-prioritize the order of auth schemes originally determined by the
auth scheme resolver. See [the
changelog](https://github.com/smithy-lang/smithy-rs/blob/2d483a0880c30683858329fc8411e9f9282de633/.changelog/1752160009.md)
where the auth scheme preference can be configured.

Note: The preference list is a hint rather than a strict
override. Any auth scheme in the list that is not among the originally
resolved auth schemes is ignored rather than treated as an error.

~To support the implementation, a utility method has been added to
`NowOrLater` to map an inner future.~

## Testing
Those called out in the feature spec:
-
[auth_scheme_preference_should_take_the_highest_priority](https://github.com/smithy-lang/smithy-rs/pull/4203/files#diff-b45485e1d1dd937e149c9c703156aa1a7f71b2bbbd5dddb29ffba385b65c50b0R12)
for `Alternative Auth Resolution`
-
[test_resolve_identity](https://github.com/smithy-lang/smithy-rs/pull/4203/files#diff-db7260e3be202c63463123101814c7bf23ef47796bf23a14d67f567285039d46R891)
to verify `Resolving Auth and Credentials`
- [auth scheme
preference](https://github.com/smithy-lang/smithy-rs/pull/4203/files#diff-e63831c17293fd55b608a406f472155f8809239f3c3afba20bcd77bdc8da2ea3R140)
to verify `Manual auth schemes configuration`
- [test for parsing auth scheme preference from environmental
configuration](https://github.com/smithy-lang/smithy-rs/pull/4203/files#diff-d9b0e8d5e74b3e0542908745494b34c1784153ed4e566fe1ce581f8605e801eaR99)

## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] For changes to the smithy-rs codegen or runtime crates, I have
created a changelog entry Markdown file in the `.changelog` directory,
specifying "client," "server," or both in the `applies_to` key.
- [x] For changes to the AWS SDK, generated SDK code, or SDK runtime
crates, I have created a changelog entry Markdown file in the
`.changelog` directory, specifying "aws-sdk-rust" in the `applies_to`
key.

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
parent 55c92670
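--- a/.changelog/1752160009.md
+++ b/.changelog/1752160009.md
@@ -0,0 +1,37 @@
+---
+applies_to:
+- aws-sdk-rust
+- client
+authors:
+- ysaito1001
+references:
+- smithy-rs#4203
+breaking: false
+new_feature: true
+bug_fix: false
+---
+Add support for configuring auth schemes manually using an auth scheme preference list.
+The preference list allows customers to reprioritize the order of auth schemes originally
+determined by the auth scheme resolver.
+Customers can configure the auth scheme preference at the following locations, listed in order of precedence:
+1. Service Client Configuration
+```rust
+use aws_runtime::auth::sigv4;
+use aws_smithy_runtime_api::client::auth::AuthSchemeId;
+use aws_smithy_runtime_api::client::auth::http::HTTP_BEARER_AUTH_SCHEME_ID;
+
+let config = aws_sdk_s3::Config::builder()
+    .auth_scheme_preference([AuthSchemeId::from("scheme1"), sigv4::SCHEME_ID, HTTP_BEARER_AUTH_SCHEME_ID])
+    // ...
+    .build();
+```
+2. Environment Variable
+```
+AWS_AUTH_SCHEME_PREFERENCE=scheme1, sigv4, httpBearerAuth
+```
+3. Configuration File
+```
+auth_scheme_preference=scheme1, sigv4, httpBearerAuth
+```
+With this configuration, the auth scheme resolver will prefer to select them in the specified order,
+if they are supported.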
+4 −4
@@ -50,7 +50,7 @@ checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"

[[package]]
name = "aws-config"
version = "1.8.2"
version = "1.8.3"
dependencies = [
 "aws-credential-types",
 "aws-runtime",
@@ -318,7 +318,7 @@ dependencies = [

[[package]]
name = "aws-smithy-runtime"
version = "1.8.4"
version = "1.8.5"
dependencies = [
 "aws-smithy-async",
 "aws-smithy-http",
@@ -341,7 +341,7 @@ dependencies = [

[[package]]
name = "aws-smithy-runtime-api"
version = "1.8.3"
version = "1.8.4"
dependencies = [
 "aws-smithy-async",
 "aws-smithy-types",
@@ -384,7 +384,7 @@ dependencies = [

[[package]]
name = "aws-types"
version = "1.3.7"
version = "1.3.8"
dependencies = [
 "aws-credential-types",
 "aws-smithy-async",
+1 −1
[package]
name = "aws-config"
version = "1.8.2"
version = "1.8.3"
authors = [
    "AWS Rust SDK Team <aws-sdk-rust@amazon.com>",
    "Russell Cohen <rcoh@amazon.com>",
+1 −10
@@ -3,10 +3,8 @@
# require manual version bumping every time an automated version bump
# to the exposed SDK crates happens.
allowed_external_types = [
   "aws_credential_types::cache::CredentialsCache",
   "aws_credential_types::provider::credentials::ProvideCredentials",
   "aws_credential_types::provider::credentials::Result",
   "aws_credential_types::provider::credentials::SharedCredentialsProvider",
   "aws_credential_types::provider::token::ProvideToken",
   "aws_runtime::env_config::error::EnvConfigFileLoadError",
   "aws_runtime::env_config::file::Builder",
@@ -17,30 +15,23 @@ allowed_external_types = [
   "aws_runtime::env_config::section::EnvConfigSections",
   "aws_runtime::env_config::section::Profile",
   "aws_smithy_async::rt::sleep::AsyncSleep",
   "aws_smithy_async::rt::sleep::SharedAsyncSleep",
   "aws_smithy_async::time::SharedTimeSource",
   "aws_smithy_async::time::TimeSource",
   "aws_smithy_runtime::client::identity::cache::IdentityCache",
   "aws_smithy_runtime::client::identity::cache::lazy::LazyCacheBuilder",
   "aws_smithy_runtime_api::client::auth::AuthSchemePreference",
   "aws_smithy_runtime_api::box_error::BoxError",
   "aws_smithy_runtime_api::client::behavior_version::BehaviorVersion",
   "aws_smithy_runtime_api::client::dns::ResolveDns",
   "aws_smithy_runtime_api::client::dns::SharedDnsResolver",
   "aws_smithy_runtime_api::client::http::HttpClient",
   "aws_smithy_runtime_api::client::http::SharedHttpClient",
   "aws_smithy_runtime_api::client::identity::ResolveCachedIdentity",
   "aws_smithy_runtime_api::client::identity::ResolveIdentity",
   "aws_smithy_runtime_api::client::orchestrator::HttpResponse",
   "aws_smithy_runtime_api::client::result::SdkError",
   "aws_smithy_runtime_api::client::retries::classifiers::ClassifyRetry",
   "aws_smithy_runtime_api::client::retries::classifiers::SharedRetryClassifier",
   "aws_smithy_runtime_api::client::stalled_stream_protection::StalledStreamProtectionConfig",
   "aws_smithy_types::body::SdkBody",
   "aws_smithy_types::checksum_config::RequestChecksumCalculation",
   "aws_smithy_types::checksum_config::ResponseChecksumValidation",
   "aws_smithy_types::retry",
   "aws_smithy_types::retry::*",
   "aws_smithy_types::timeout",
   "aws_smithy_types::timeout::OperationTimeoutConfig",
   "aws_smithy_types::timeout::TimeoutConfig",
   "aws_smithy_types::timeout::TimeoutConfigBuilder",
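Review bot: The `"aws_smithy_runtime_api::client::auth::AuthSchemePreference"` entry sits above `"aws_smithy_runtime_api::box_error::BoxError"`, which breaks the otherwise sorted order of `allowed_external_types`; it belongs between the `box_error::BoxError` and `client::behavior_version::BehaviorVersion` lines. The rendered section has lost its `+`/`-` markers, so I am assuming this is the single added line. The section count also shows ten entries removed, which the commit description does not mention. Since this array is the allowlist of foreign types that may appear in the crate's public API, a sentence in the description saying why those entries can go would make the pruning reviewable. The array's closing bracket lies outside the hunks shown.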
+3 −0
@@ -69,3 +69,6 @@ pub mod checksums;

/// Default provider chain for account-based endpoint mode
pub mod account_id_endpoint_mode;

/// Default provider chain for auth scheme preference list
pub mod auth_scheme_preference;
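Review bot: The doc comment on `pub mod auth_scheme_preference;` does not say where the preference is read from or how it is applied, which matters because it lets the process environment and the shared config file influence which auth scheme a client selects. Going by the changelog entry in this commit, the non-code sources are the `AWS_AUTH_SCHEME_PREFERENCE` environment variable and the `auth_scheme_preference` profile key, and the list only reorders schemes the resolver already offered, with other names ignored without error. I would expand the comment to something like `/// Default provider chain for the auth scheme preference list (environment variable, then profile file); a reordering hint only, unknown scheme names are ignored`. The module body is not part of this hunk, so the exact lookup order should be confirmed against it before wording the comment.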