diff --git a/clients/client-sts/package.json b/clients/client-sts/package.json index 80f30069f0a3..00f53f32212e 100644 --- a/clients/client-sts/package.json +++ b/clients/client-sts/package.json @@ -27,8 +27,6 @@ "@aws-sdk/middleware-host-header": "*", "@aws-sdk/middleware-logger": "*", "@aws-sdk/middleware-recursion-detection": "*", - "@aws-sdk/middleware-sdk-sts": "*", - "@aws-sdk/middleware-signing": "*", "@aws-sdk/middleware-user-agent": "*", "@aws-sdk/region-config-resolver": "*", "@aws-sdk/types": "*", @@ -36,6 +34,7 @@ "@aws-sdk/util-user-agent-browser": "*", "@aws-sdk/util-user-agent-node": "*", "@smithy/config-resolver": "^2.0.21", + "@smithy/core": "^1.1.0", "@smithy/fetch-http-handler": "^2.3.1", "@smithy/hash-node": "^2.0.17", "@smithy/invalid-dependency": "^2.0.15", @@ -56,6 +55,7 @@ "@smithy/util-defaults-mode-browser": "^2.0.22", "@smithy/util-defaults-mode-node": "^2.0.29", "@smithy/util-endpoints": "^1.0.7", + "@smithy/util-middleware": "^2.0.8", "@smithy/util-retry": "^2.0.8", "@smithy/util-utf8": "^2.0.2", "fast-xml-parser": "4.2.5", diff --git a/clients/client-sts/src/STSClient.ts b/clients/client-sts/src/STSClient.ts index bf72ae4e80d4..b32d8b5e27a6 100644 --- a/clients/client-sts/src/STSClient.ts +++ b/clients/client-sts/src/STSClient.ts 
@@ -7,15 +7,18 @@ import { } from "@aws-sdk/middleware-host-header"; import { getLoggerPlugin } from "@aws-sdk/middleware-logger"; import { getRecursionDetectionPlugin } from "@aws-sdk/middleware-recursion-detection"; -import { resolveStsAuthConfig, StsAuthInputConfig, StsAuthResolvedConfig } from "@aws-sdk/middleware-sdk-sts"; import { getUserAgentPlugin, resolveUserAgentConfig, UserAgentInputConfig, UserAgentResolvedConfig, } from "@aws-sdk/middleware-user-agent"; -import { Credentials as __Credentials } from "@aws-sdk/types"; import { RegionInputConfig, RegionResolvedConfig, resolveRegionConfig } from "@smithy/config-resolver"; +import { + DefaultIdentityProviderConfig, + getHttpAuthSchemeEndpointRuleSetPlugin, + getHttpSigningPlugin, +} from "@smithy/core"; import { getContentLengthPlugin } from "@smithy/middleware-content-length"; import { EndpointInputConfig, EndpointResolvedConfig, resolveEndpointConfig } from "@smithy/middleware-endpoint"; import { getRetryPlugin, resolveRetryConfig, RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry"; @@ -27,6 +30,7 @@ import { SmithyResolvedConfiguration as __SmithyResolvedConfiguration, } from "@smithy/smithy-client"; import { + AwsCredentialIdentityProvider, BodyLengthCalculator as __BodyLengthCalculator, CheckOptionalClientConfig as __CheckOptionalClientConfig, ChecksumConstructor as __ChecksumConstructor, @@ -43,6 +47,12 @@ import { UserAgent as __UserAgent, } from "@smithy/types"; +import { + defaultSTSHttpAuthSchemeParametersProvider, + HttpAuthSchemeInputConfig, + HttpAuthSchemeResolvedConfig, + resolveHttpAuthSchemeConfig, +} from "./auth/httpAuthSchemeProvider"; import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand"; import { AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput } from "./commands/AssumeRoleWithSAMLCommand"; import { 
@@ -181,21 +191,22 @@ export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__ useFipsEndpoint?: boolean | __Provider; /** - * The AWS region to which this client will send requests + * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header + * @internal */ - region?: string | __Provider; + defaultUserAgentProvider?: Provider<__UserAgent>; /** - * Default credentials provider; Not available in browser runtime. - * @internal + * The AWS region to which this client will send requests */ - credentialDefaultProvider?: (input: any) => __Provider<__Credentials>; + region?: string | __Provider; /** - * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header + * Default credentials provider; Not available in browser runtime. + * @deprecated * @internal */ - defaultUserAgentProvider?: Provider<__UserAgent>; + credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider; /** * Value for how many times a request will be made at most in case of retry. @@ -234,8 +245,8 @@ export type STSClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOpt EndpointInputConfig & RetryInputConfig & HostHeaderInputConfig & - StsAuthInputConfig & UserAgentInputConfig & + HttpAuthSchemeInputConfig & ClientInputEndpointParameters; /** * @public @@ -254,8 +265,8 @@ export type STSClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHa EndpointResolvedConfig & RetryResolvedConfig & HostHeaderResolvedConfig & - StsAuthResolvedConfig & UserAgentResolvedConfig & + HttpAuthSchemeResolvedConfig & ClientResolvedEndpointParameters; /** * @public 
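Review bot: The `@deprecated` tag added to `credentialDefaultProvider` in `ClientDefaults` carries no text, so a reader cannot tell what replaces the option or whether setting it still has any effect. Elsewhere in this diff the default credential chain is reached through the `aws.auth#sigv4` entry of `httpAuthSchemes`. If that is the intended replacement, the tag could say so: `@deprecated Default credentials are resolved by the "aws.auth#sigv4" identityProvider in httpAuthSchemes.` The `ClientDefaults` interface starts and ends outside the hunk.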
@@ -282,6 +293,17 @@ export class STSClient extends __Client< */ readonly config: STSClientResolvedConfig; + private getDefaultHttpAuthSchemeParametersProvider() { + return defaultSTSHttpAuthSchemeParametersProvider; + } + + private getIdentityProviderConfigProvider() { + return async (config: STSClientResolvedConfig) => + new DefaultIdentityProviderConfig({ + "aws.auth#sigv4": config.credentials, + }); + } + constructor(...[configuration]: __CheckOptionalClientConfig) { const _config_0 = __getRuntimeConfig(configuration || {}); const _config_1 = resolveClientEndpointParameters(_config_0); @@ -289,8 +311,8 @@ export class STSClient extends __Client< const _config_3 = resolveEndpointConfig(_config_2); const _config_4 = resolveRetryConfig(_config_3); const _config_5 = resolveHostHeaderConfig(_config_4); - const _config_6 = resolveStsAuthConfig(_config_5, { stsClientCtor: STSClient }); - const _config_7 = resolveUserAgentConfig(_config_6); + const _config_6 = resolveUserAgentConfig(_config_5); + const _config_7 = resolveHttpAuthSchemeConfig(_config_6); const _config_8 = resolveRuntimeExtensions(_config_7, configuration?.extensions || []); super(_config_8); this.config = _config_8; @@ -300,6 +322,13 @@ export class STSClient extends __Client< this.middlewareStack.use(getLoggerPlugin(this.config)); this.middlewareStack.use(getRecursionDetectionPlugin(this.config)); this.middlewareStack.use(getUserAgentPlugin(this.config)); + this.middlewareStack.use( + getHttpAuthSchemeEndpointRuleSetPlugin(this.config, { + httpAuthSchemeParametersProvider: this.getDefaultHttpAuthSchemeParametersProvider(), + identityProviderConfigProvider: this.getIdentityProviderConfigProvider(), + }) + ); + this.middlewareStack.use(getHttpSigningPlugin(this.config)); } /** diff --git a/clients/client-sts/src/auth/httpAuthExtensionConfiguration.ts b/clients/client-sts/src/auth/httpAuthExtensionConfiguration.ts new file mode 100644 index 000000000000..2c37e6db7081 --- /dev/null 
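Review bot: `getIdentityProviderConfigProvider()` registers an identity only for `"aws.auth#sigv4"`, and neither it nor `getDefaultHttpAuthSchemeParametersProvider()` has a doc comment or a return type. The reader therefore has to look elsewhere to learn how the unsigned scheme obtains its identity. From the rest of this diff, `smithy.api#noAuth` appears to rely on the `|| (async () => ({}))` fallback in the runtime config. A comment above the map would record that: `// Only sigv4 needs credentials; smithy.api#noAuth falls back to an empty identity in httpAuthSchemes.` The `STSClient` class starts and ends outside the hunk.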
+++ b/clients/client-sts/src/auth/httpAuthExtensionConfiguration.ts 
@@ -0,0 +1,72 @@ +// smithy-typescript generated code +import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types"; + +import { STSHttpAuthSchemeProvider } from "./httpAuthSchemeProvider"; + +/** + * @internal + */ +export interface HttpAuthExtensionConfiguration { + setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void; + httpAuthSchemes(): HttpAuthScheme[]; + setHttpAuthSchemeProvider(httpAuthSchemeProvider: STSHttpAuthSchemeProvider): void; + httpAuthSchemeProvider(): STSHttpAuthSchemeProvider; + setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void; + credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined; +} + +/** + * @internal + */ +export type HttpAuthRuntimeConfig = Partial<{ + httpAuthSchemes: HttpAuthScheme[]; + httpAuthSchemeProvider: STSHttpAuthSchemeProvider; + credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider; +}>; + +/** + * @internal + */ +export const getHttpAuthExtensionConfiguration = ( + runtimeConfig: HttpAuthRuntimeConfig +): HttpAuthExtensionConfiguration => { + const _httpAuthSchemes = runtimeConfig.httpAuthSchemes!; + let _httpAuthSchemeProvider = runtimeConfig.httpAuthSchemeProvider!; + let _credentials = runtimeConfig.credentials; + return { + setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void { + const index = _httpAuthSchemes.findIndex((scheme) => scheme.schemeId === httpAuthScheme.schemeId); + if (index === -1) { + _httpAuthSchemes.push(httpAuthScheme); + } else { + _httpAuthSchemes.splice(index, 1, httpAuthScheme); + } + }, + httpAuthSchemes(): HttpAuthScheme[] { + return _httpAuthSchemes; + }, + setHttpAuthSchemeProvider(httpAuthSchemeProvider: STSHttpAuthSchemeProvider): void { + _httpAuthSchemeProvider = httpAuthSchemeProvider; + }, + httpAuthSchemeProvider(): STSHttpAuthSchemeProvider { + return _httpAuthSchemeProvider; + }, + setCredentials(credentials: AwsCredentialIdentity | 
AwsCredentialIdentityProvider): void { + _credentials = credentials; + }, + credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined { + return _credentials; + }, + }; +}; + +/** + * @internal + */ +export const resolveHttpAuthRuntimeConfig = (config: HttpAuthExtensionConfiguration): HttpAuthRuntimeConfig => { + return { + httpAuthSchemes: config.httpAuthSchemes(), + httpAuthSchemeProvider: config.httpAuthSchemeProvider(), + credentials: config.credentials(), + }; +}; diff --git a/clients/client-sts/src/auth/httpAuthSchemeProvider.ts b/clients/client-sts/src/auth/httpAuthSchemeProvider.ts new file mode 100644 index 000000000000..8b63101df3cd --- /dev/null +++ b/clients/client-sts/src/auth/httpAuthSchemeProvider.ts 
@@ -0,0 +1,168 @@ +// smithy-typescript generated code +import { + AWSSDKSigV4AuthInputConfig, + AWSSDKSigV4AuthResolvedConfig, + AWSSDKSigV4PreviouslyResolved, + resolveAWSSDKSigV4Config, +} from "@aws-sdk/core"; +import { + Client, + HandlerExecutionContext, + HttpAuthOption, + HttpAuthScheme, + HttpAuthSchemeParameters, + HttpAuthSchemeParametersProvider, + HttpAuthSchemeProvider, +} from "@smithy/types"; +import { getSmithyContext, normalizeProvider } from "@smithy/util-middleware"; + +import { STSClient, STSClientConfig, STSClientResolvedConfig } from "../STSClient"; + +/** + * @internal + */ +export interface STSHttpAuthSchemeParameters extends HttpAuthSchemeParameters { + region?: string; +} + +/** + * @internal + */ +export interface STSHttpAuthSchemeParametersProvider + extends HttpAuthSchemeParametersProvider< + STSClientResolvedConfig, + HandlerExecutionContext, + STSHttpAuthSchemeParameters, + object + > {} + +/** + * @internal + */ +export const defaultSTSHttpAuthSchemeParametersProvider = async ( + config: STSClientResolvedConfig, + context: HandlerExecutionContext, + input: object +): Promise => { + return { + operation: getSmithyContext(context).operation as string, + region: + (await normalizeProvider(config.region)()) || + (() => { + throw new Error("expected `region` to be configured for `aws.auth#sigv4`"); + })(), + }; +}; + +function createAwsAuthSigv4HttpAuthOption(authParameters: STSHttpAuthSchemeParameters): HttpAuthOption { + return { + schemeId: "aws.auth#sigv4", + signingProperties: { + name: "sts", + region: authParameters.region, + }, + propertiesExtractor: (config: STSClientConfig, context) => ({ + /** + * @internal + */ + signingProperties: { + config, + context, + }, + }), + }; +} + +function createSmithyApiNoAuthHttpAuthOption(authParameters: STSHttpAuthSchemeParameters): HttpAuthOption { + return { + schemeId: "smithy.api#noAuth", + }; +} + +/** + * @internal + */ +export interface STSHttpAuthSchemeProvider extends 
HttpAuthSchemeProvider {} + +/** + * @internal + */ +export const defaultSTSHttpAuthSchemeProvider: STSHttpAuthSchemeProvider = (authParameters) => { + const options: HttpAuthOption[] = []; + switch (authParameters.operation) { + case "AssumeRoleWithSAML": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + case "AssumeRoleWithWebIdentity": { + options.push(createSmithyApiNoAuthHttpAuthOption(authParameters)); + break; + } + default: { + options.push(createAwsAuthSigv4HttpAuthOption(authParameters)); + } + } + return options; +}; + +export interface StsAuthInputConfig {} + +export interface StsAuthResolvedConfig { + /** + * Reference to STSClient class constructor. + * @internal + */ + stsClientCtor: new (clientConfig: any) => Client; +} + +export const resolveStsAuthConfig = (input: T & StsAuthInputConfig): T & StsAuthResolvedConfig => ({ + ...input, + stsClientCtor: STSClient, +}); + +/** + * @internal + */ +export interface HttpAuthSchemeInputConfig extends StsAuthInputConfig, AWSSDKSigV4AuthInputConfig { + /** + * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme. + * @internal + */ + httpAuthSchemes?: HttpAuthScheme[]; + + /** + * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use. + * @internal + */ + httpAuthSchemeProvider?: STSHttpAuthSchemeProvider; +} + +/** + * @internal + */ +export interface HttpAuthSchemeResolvedConfig extends StsAuthResolvedConfig, AWSSDKSigV4AuthResolvedConfig { + /** + * experimentalIdentityAndAuth: Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme. + * @internal + */ + readonly httpAuthSchemes: HttpAuthScheme[]; + + /** + * experimentalIdentityAndAuth: Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use. 
+ * @internal + */ + readonly httpAuthSchemeProvider: STSHttpAuthSchemeProvider; +} + +/** + * @internal + */ +export const resolveHttpAuthSchemeConfig = ( + config: T & HttpAuthSchemeInputConfig & AWSSDKSigV4PreviouslyResolved +): T & HttpAuthSchemeResolvedConfig => { + const config_0 = resolveStsAuthConfig(config); + const config_1 = resolveAWSSDKSigV4Config(config_0); + return { + ...config_1, + } as T & HttpAuthSchemeResolvedConfig; +}; diff --git a/clients/client-sts/src/commands/AssumeRoleCommand.ts b/clients/client-sts/src/commands/AssumeRoleCommand.ts index 520f8baa8254..76a46b7d24b6 100644 --- a/clients/client-sts/src/commands/AssumeRoleCommand.ts +++ b/clients/client-sts/src/commands/AssumeRoleCommand.ts @@ -1,5 +1,4 @@ // smithy-typescript generated code -import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing"; import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; import { getSerdePlugin } from "@smithy/middleware-serde"; import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; @@ -296,7 +295,6 @@ export class AssumeRoleCommand extends $Command< ): Handler { this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize)); this.middlewareStack.use(getEndpointPlugin(configuration, AssumeRoleCommand.getEndpointParameterInstructions())); - this.middlewareStack.use(getAwsAuthPlugin(configuration)); const stack = clientStack.concat(this.middlewareStack); diff --git a/clients/client-sts/src/commands/DecodeAuthorizationMessageCommand.ts b/clients/client-sts/src/commands/DecodeAuthorizationMessageCommand.ts index 35c4c80a4e11..2c13c78a59dd 100644 --- a/clients/client-sts/src/commands/DecodeAuthorizationMessageCommand.ts +++ b/clients/client-sts/src/commands/DecodeAuthorizationMessageCommand.ts 
@@ -1,5 +1,4 @@ // smithy-typescript generated code -import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing"; import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; import { getSerdePlugin } from "@smithy/middleware-serde"; import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; @@ -156,7 +155,6 @@ export class DecodeAuthorizationMessageCommand extends $Command< this.middlewareStack.use( getEndpointPlugin(configuration, DecodeAuthorizationMessageCommand.getEndpointParameterInstructions()) ); - this.middlewareStack.use(getAwsAuthPlugin(configuration)); const stack = clientStack.concat(this.middlewareStack); diff --git a/clients/client-sts/src/commands/GetAccessKeyInfoCommand.ts b/clients/client-sts/src/commands/GetAccessKeyInfoCommand.ts index 19f682136ca5..f610a5269a72 100644 --- a/clients/client-sts/src/commands/GetAccessKeyInfoCommand.ts +++ b/clients/client-sts/src/commands/GetAccessKeyInfoCommand.ts @@ -1,5 +1,4 @@ // smithy-typescript generated code -import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing"; import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; import { getSerdePlugin } from "@smithy/middleware-serde"; import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; @@ -116,7 +115,6 @@ export class GetAccessKeyInfoCommand extends $Command< this.middlewareStack.use( getEndpointPlugin(configuration, GetAccessKeyInfoCommand.getEndpointParameterInstructions()) ); - this.middlewareStack.use(getAwsAuthPlugin(configuration)); const stack = clientStack.concat(this.middlewareStack); diff --git a/clients/client-sts/src/commands/GetCallerIdentityCommand.ts b/clients/client-sts/src/commands/GetCallerIdentityCommand.ts index 851e5aeba0ad..9eb0d295919c 100644 --- a/clients/client-sts/src/commands/GetCallerIdentityCommand.ts 
+++ b/clients/client-sts/src/commands/GetCallerIdentityCommand.ts @@ -1,5 +1,4 @@ // smithy-typescript generated code -import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing"; import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; import { getSerdePlugin } from "@smithy/middleware-serde"; import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; @@ -157,7 +156,6 @@ export class GetCallerIdentityCommand extends $Command< this.middlewareStack.use( getEndpointPlugin(configuration, GetCallerIdentityCommand.getEndpointParameterInstructions()) ); - this.middlewareStack.use(getAwsAuthPlugin(configuration)); const stack = clientStack.concat(this.middlewareStack); diff --git a/clients/client-sts/src/commands/GetFederationTokenCommand.ts b/clients/client-sts/src/commands/GetFederationTokenCommand.ts index 6557a4517c97..ff057472c0d7 100644 --- a/clients/client-sts/src/commands/GetFederationTokenCommand.ts +++ b/clients/client-sts/src/commands/GetFederationTokenCommand.ts @@ -1,5 +1,4 @@ // smithy-typescript generated code -import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing"; import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; import { getSerdePlugin } from "@smithy/middleware-serde"; import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; @@ -275,7 +274,6 @@ export class GetFederationTokenCommand extends $Command< this.middlewareStack.use( getEndpointPlugin(configuration, GetFederationTokenCommand.getEndpointParameterInstructions()) ); - this.middlewareStack.use(getAwsAuthPlugin(configuration)); const stack = clientStack.concat(this.middlewareStack); diff --git a/clients/client-sts/src/commands/GetSessionTokenCommand.ts b/clients/client-sts/src/commands/GetSessionTokenCommand.ts index 4a7f607c1bef..14a142b117b5 100644 --- a/clients/client-sts/src/commands/GetSessionTokenCommand.ts 
+++ b/clients/client-sts/src/commands/GetSessionTokenCommand.ts @@ -1,5 +1,4 @@ // smithy-typescript generated code -import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing"; import { EndpointParameterInstructions, getEndpointPlugin } from "@smithy/middleware-endpoint"; import { getSerdePlugin } from "@smithy/middleware-serde"; import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http"; @@ -199,7 +198,6 @@ export class GetSessionTokenCommand extends $Command< this.middlewareStack.use( getEndpointPlugin(configuration, GetSessionTokenCommand.getEndpointParameterInstructions()) ); - this.middlewareStack.use(getAwsAuthPlugin(configuration)); const stack = clientStack.concat(this.middlewareStack); diff --git a/clients/client-sts/src/extensionConfiguration.ts b/clients/client-sts/src/extensionConfiguration.ts index 947e45bd9560..160bb3e13bcd 100644 --- a/clients/client-sts/src/extensionConfiguration.ts +++ b/clients/client-sts/src/extensionConfiguration.ts @@ -3,10 +3,13 @@ import { AwsRegionExtensionConfiguration } from "@aws-sdk/types"; import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http"; import { DefaultExtensionConfiguration } from "@smithy/types"; +import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration"; + /** * @internal */ export interface STSExtensionConfiguration extends HttpHandlerExtensionConfiguration, DefaultExtensionConfiguration, - AwsRegionExtensionConfiguration {} + AwsRegionExtensionConfiguration, + HttpAuthExtensionConfiguration {} diff --git a/clients/client-sts/src/index.ts b/clients/client-sts/src/index.ts index 56679e3bafa5..a97210047b99 100644 --- a/clients/client-sts/src/index.ts +++ b/clients/client-sts/src/index.ts 
@@ -16,8 +16,8 @@ export { STSExtensionConfiguration } from "./extensionConfiguration"; export * from "./commands"; export * from "./models"; -export * from "./defaultRoleAssumers"; - import "@aws-sdk/util-endpoints"; +export * from "./defaultRoleAssumers"; + export { STSServiceException } from "./models/STSServiceException"; diff --git a/clients/client-sts/src/runtimeConfig.shared.ts b/clients/client-sts/src/runtimeConfig.shared.ts index 46ae21d2c1ce..4c24cfcf1d53 100644 --- a/clients/client-sts/src/runtimeConfig.shared.ts +++ b/clients/client-sts/src/runtimeConfig.shared.ts @@ -1,9 +1,13 @@ // smithy-typescript generated code +import { AWSSDKSigV4Signer } from "@aws-sdk/core"; +import { NoAuthSigner } from "@smithy/core"; import { NoOpLogger } from "@smithy/smithy-client"; +import { IdentityProviderConfig } from "@smithy/types"; import { parseUrl } from "@smithy/url-parser"; import { fromBase64, toBase64 } from "@smithy/util-base64"; import { fromUtf8, toUtf8 } from "@smithy/util-utf8"; +import { defaultSTSHttpAuthSchemeProvider } from "./auth/httpAuthSchemeProvider"; import { defaultEndpointResolver } from "./endpoint/endpointResolver"; import { STSClientConfig } from "./STSClient"; 
@@ -18,6 +22,20 @@ export const getRuntimeConfig = (config: STSClientConfig) => { disableHostPrefix: config?.disableHostPrefix ?? false, endpointProvider: config?.endpointProvider ?? defaultEndpointResolver, extensions: config?.extensions ?? [], + httpAuthSchemeProvider: config?.httpAuthSchemeProvider ?? defaultSTSHttpAuthSchemeProvider, + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc: IdentityProviderConfig) => ipc.getIdentityProvider("aws.auth#sigv4"), + signer: new AWSSDKSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc: IdentityProviderConfig) => + ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new NoAuthSigner(), + }, + ], logger: config?.logger ?? new NoOpLogger(), serviceId: config?.serviceId ?? "STS", urlParser: config?.urlParser ?? parseUrl, diff --git a/clients/client-sts/src/runtimeConfig.ts b/clients/client-sts/src/runtimeConfig.ts index e36833e164b8..b0f63454e062 100644 --- a/clients/client-sts/src/runtimeConfig.ts +++ b/clients/client-sts/src/runtimeConfig.ts @@ -3,7 +3,7 @@ import packageInfo from "../package.json"; // eslint-disable-line import { decorateDefaultCredentialProvider } from "./defaultStsRoleAssumers"; -import { emitWarningIfUnsupportedVersion as awsCheckVersion } from "@aws-sdk/core"; +import { AWSSDKSigV4Signer, emitWarningIfUnsupportedVersion as awsCheckVersion } from "@aws-sdk/core"; import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node"; import { defaultUserAgent } from "@aws-sdk/util-user-agent-node"; import { 
@@ -12,10 +12,12 @@ import { NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, } from "@smithy/config-resolver"; +import { NoAuthSigner } from "@smithy/core"; import { Hash } from "@smithy/hash-node"; import { NODE_MAX_ATTEMPT_CONFIG_OPTIONS, NODE_RETRY_MODE_CONFIG_OPTIONS } from "@smithy/middleware-retry"; import { loadConfig as loadNodeConfig } from "@smithy/node-config-provider"; import { NodeHttpHandler as RequestHandler, streamCollector } from "@smithy/node-http-handler"; +import { IdentityProviderConfig } from "@smithy/types"; import { calculateBodyLength } from "@smithy/util-body-length-node"; import { DEFAULT_RETRY_MODE } from "@smithy/util-retry"; import { STSClientConfig } from "./STSClient"; @@ -44,6 +46,22 @@ export const getRuntimeConfig = (config: STSClientConfig) => { defaultUserAgentProvider: config?.defaultUserAgentProvider ?? defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), + httpAuthSchemes: config?.httpAuthSchemes ?? [ + { + schemeId: "aws.auth#sigv4", + identityProvider: (ipc: IdentityProviderConfig) => + ipc.getIdentityProvider("aws.auth#sigv4") || + (async (idProps) => + await decorateDefaultCredentialProvider(credentialDefaultProvider)(idProps?.__config || {})()), + signer: new AWSSDKSigV4Signer(), + }, + { + schemeId: "smithy.api#noAuth", + identityProvider: (ipc: IdentityProviderConfig) => + ipc.getIdentityProvider("smithy.api#noAuth") || (async () => ({})), + signer: new NoAuthSigner(), + }, + ], maxAttempts: config?.maxAttempts ?? loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS), region: config?.region ?? loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS), requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider), diff --git a/clients/client-sts/src/runtimeExtensions.ts b/clients/client-sts/src/runtimeExtensions.ts index 3ad09c6f067f..9cbe73549e80 100644 --- a/clients/client-sts/src/runtimeExtensions.ts 
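Review bot: In the `aws.auth#sigv4` entry of `httpAuthSchemes`, the fallback calls `decorateDefaultCredentialProvider(credentialDefaultProvider)(idProps?.__config || {})` inside the async function, so every invocation builds a new provider chain. Any caching the chain does internally is then not reused between calls. This branch runs only when `ipc.getIdentityProvider("aws.auth#sigv4")` returns nothing. If it can be reached on a request path, credential resolution would be repeated per request, so consider building the provider once per `__config` and reusing it. `idProps?.__config` is also undocumented here; a one-line comment naming where it is populated would help. `getRuntimeConfig` starts and ends outside the hunk.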
+++ b/clients/client-sts/src/runtimeExtensions.ts @@ -6,6 +6,7 @@ import { import { getHttpHandlerExtensionConfiguration, resolveHttpHandlerRuntimeConfig } from "@smithy/protocol-http"; import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client"; +import { getHttpAuthExtensionConfiguration, resolveHttpAuthRuntimeConfig } from "./auth/httpAuthExtensionConfiguration"; import { STSExtensionConfiguration } from "./extensionConfiguration"; /** @@ -32,6 +33,7 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime ...asPartial(getAwsRegionExtensionConfiguration(runtimeConfig)), ...asPartial(getDefaultExtensionConfiguration(runtimeConfig)), ...asPartial(getHttpHandlerExtensionConfiguration(runtimeConfig)), + ...asPartial(getHttpAuthExtensionConfiguration(runtimeConfig)), }; extensions.forEach((extension) => extension.configure(extensionConfiguration)); @@ -41,5 +43,6 @@ export const resolveRuntimeExtensions = (runtimeConfig: any, extensions: Runtime ...resolveAwsRegionExtensionConfiguration(extensionConfiguration), ...resolveDefaultRuntimeConfig(extensionConfiguration), ...resolveHttpHandlerRuntimeConfig(extensionConfiguration), + ...resolveHttpAuthRuntimeConfig(extensionConfiguration), }; }; diff --git a/codegen/sdk-codegen/build.gradle.kts b/codegen/sdk-codegen/build.gradle.kts index 82efa026c92c..b5bd26917125 100644 --- a/codegen/sdk-codegen/build.gradle.kts +++ b/codegen/sdk-codegen/build.gradle.kts @@ -105,6 +105,7 @@ tasks.register("generate-smithy-build") { ).expectObjectNode() val experimentalIdentityAndAuthServices = setOf( ShapeId.from("com.amazonaws.codecatalyst#CodeCatalyst"), + ShapeId.from("com.amazonaws.sts#AWSSecurityTokenServiceV20110615"), ) val projectionContents = Node.objectNodeBuilder() .withMember("imports", Node.fromStrings("${models.getAbsolutePath()}${File.separator}${file.name}"))
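Review bot: `getHttpAuthExtensionConfiguration(runtimeConfig)` receives the live runtime config, and the implementation added in `auth/httpAuthExtensionConfiguration.ts` holds `runtimeConfig.httpAuthSchemes` by reference and edits it with `push`/`splice` in `setHttpAuthScheme`. When the caller supplies `httpAuthSchemes`, `config?.httpAuthSchemes ?? [...]` passes that same array through. An extension that swaps a scheme or signer therefore also changes the caller's array, and any other client built from it. Copying at this call site keeps the change local: `...asPartial(getHttpAuthExtensionConfiguration({ ...runtimeConfig, httpAuthSchemes: [...(runtimeConfig.httpAuthSchemes ?? [])] })),`. If this file is generator output like its siblings, the change belongs in the codegen template. `resolveRuntimeExtensions` starts outside the hunk.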
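Review bot: The STS entry added to `experimentalIdentityAndAuthServices` has no comment, although this one line is what moves the generated STS client onto the new signing path. A short comment would tell a later reader what opting in changes: `// STS: auth scheme is chosen per operation by the generated httpAuthSchemeProvider; AssumeRoleWithSAML and AssumeRoleWithWebIdentity are sent unsigned.` The `generate-smithy-build` task body continues outside the hunk.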