feat: S3 Express support #1906
feat: S3 Express support #1906
Conversation
| continuation.resume(returning: fileBasedConfig) | ||
| } catch { | ||
| continuation.resume(throwing: error) | ||
| } |
There was a problem hiding this comment.
This just fixes a concurrency issue; the nonconcurrent code called here should be called using withCheckedThrowingContinuation.
| @@ -49,7 +50,7 @@ public class AWSSigV4Signer: SmithyHTTPAuthAPI.Signer { | |||
| ) | |||
| } | |||
|
|
|||
| guard let identity = identity as? AWSCredentialIdentity else { | |||
| guard let identity = (identity as? AWSCredentialIdentity) ?? (identity as? S3ExpressIdentity)?.awsCredentialIdentity else { | |||
There was a problem hiding this comment.
When the CRT signer signs in S3 Express mode, it intakes the S3 Express credentials using the same Credentials type as with any other signing operation. So, when an S3ExpressIdentity is supplied, convert it to an AWS credential identity to pass into CRT (see private helper method below.)
| import protocol SmithyHTTPAuthAPI.Signer | ||
| import struct Smithy.Attributes | ||
|
|
||
| public struct SigV4S3ExpressAuthScheme: AuthScheme { |
There was a problem hiding this comment.
This AuthScheme for S3 Express is basically the sigv4 auth scheme, but with a different scheme ID & signing algorithm.
|
|
||
| import struct Smithy.AttributeKey | ||
|
|
||
| public enum AWSIdentityPropertyKeys { |
There was a problem hiding this comment.
These keys are used to pass data & components into identity resolvers in a type-safe manner.
| clientConfig: DefaultClientConfiguration, | ||
| bucket: String | ||
| ) async throws -> S3ExpressIdentity | ||
| } |
There was a problem hiding this comment.
This protocol provides an interface for the S3 Express identity resolver to call S3 CreateSession to get credentials, without depending on the code-generated S3 client.
A SwiftIntegration on the S3 service provides conformance with this protocol.
|
|
||
| import protocol SmithyIdentityAPI.Identity | ||
| import struct Foundation.Date | ||
|
|
There was a problem hiding this comment.
A type to hold a S3 Express identity.
| import struct Smithy.Attributes | ||
| import protocol SmithyIdentityAPI.IdentityResolver | ||
|
|
||
| public protocol S3ExpressIdentityResolver: IdentityResolver where IdentityT == S3ExpressIdentity {} |
There was a problem hiding this comment.
A convenience declaration for the type of an S3 Express-specialized identity resolver.
| authOption.signingProperties.set(key: SmithyHTTPAuthAPI.SigningPropertyKeys.signingRegion, value: param.signingRegion) | ||
| authOption.identityProperties.set(key: AWSSDKIdentity.AWSIdentityPropertyKeys.bucket, value: serviceParams.bucket) | ||
| authOption.identityProperties.set(key: AWSSDKIdentity.AWSIdentityPropertyKeys.s3ExpressClient, value: S3ExpressCreateSessionClient()) | ||
| validAuthOptions.append(authOption) |
There was a problem hiding this comment.
[Note: this is generated code]
An auth option is added for S3 Express. The bucket name and a S3ExpressCreateSessionClient are added to identity properties for use by the S3 Express identity resolver.
| @@ -22522,6 +22523,7 @@ extension GetObjectInput { | |||
| .withExpiration(value: expiration) | |||
| .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4") | |||
| .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: "aws.auth#sigv4a") | |||
| .withIdentityResolver(value: config.s3ExpressIdentityResolver, schemeID: "aws.auth#sigv4-s3express") | |||
There was a problem hiding this comment.
[Note: this is generated code]
For this & several other presigned URLs:
- The client config is added to context so it can be used for the S3 CreateSession operation to get credentials later on.
- The S3 Express identity resolver is added to the operation.
| @@ -44,7 +45,7 @@ public class DefaultAWSAuthSchemePlugin: ClientRuntime.Plugin { | |||
| public func configureClient(clientConfiguration: ClientRuntime.ClientConfiguration) throws { | |||
| if let config = clientConfiguration as? S3Client.S3ClientConfiguration { | |||
| config.authSchemeResolver = DefaultS3AuthSchemeResolver() | |||
| config.authSchemes = [AWSSDKHTTPAuth.SigV4AuthScheme(), AWSSDKHTTPAuth.SigV4AAuthScheme()] | |||
| config.authSchemes = [AWSSDKHTTPAuth.SigV4AuthScheme(), AWSSDKHTTPAuth.SigV4AAuthScheme(), AWSSDKHTTPAuth.SigV4S3ExpressAuthScheme()] | |||
There was a problem hiding this comment.
[Note: this is generated code]
SigV4S3ExpressAuthScheme is added to the service's auth schemes
|
|
||
| if (ctx.service.isS3) { | ||
| updatedAuthSchemeList += writer.format("\$N()", AWSSDKHTTPAuthTypes.SigV4S3ExpressAuthScheme) | ||
| } |
There was a problem hiding this comment.
SigV4S3ExpressAuthScheme is added, but only to the S3 service client.
| @@ -36,6 +37,9 @@ abstract class AWSHTTPProtocolCustomizations : DefaultHTTPProtocolCustomizations | |||
| } | |||
| writer.write(" .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: \$S)", "aws.auth#sigv4") | |||
| writer.write(" .withIdentityResolver(value: config.awsCredentialIdentityResolver, schemeID: \$S)", "aws.auth#sigv4a") | |||
| if (ctx.service.isS3) { | |||
| writer.write(" .withIdentityResolver(value: config.s3ExpressIdentityResolver, schemeID: \$S)", "aws.auth#sigv4-s3express") | |||
| } | |||
There was a problem hiding this comment.
S3 Express identity resolver is added to the context for an operation, but only to the S3 service client.
| ) | ||
| write("validAuthOptions.append(authOption)") | ||
| dedent() | ||
| } |
There was a problem hiding this comment.
In the S3 rules-based auth scheme resolver only, the S3 Express auth option is added.
(See the generated code above for more discussion of the content here.)
| ctx: SwiftCodegenContext, | ||
| protocolGenerationContext: ProtocolGenerator.GenerationContext, | ||
| delegator: SwiftDelegator | ||
| ) { |
There was a problem hiding this comment.
This method generates a file that creates a concrete implementation of the S3ExpressCreateSessionClient protocol.
An instance of this class is passed into the S3 credential provider, and allows that credential provider to call S3 without actually depending on S3.
Description of changes
Provides customizations needed to utilize the S3 Express feature.
New/existing dependencies impact assessment, if applicable
No new dependencies were added to this change.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.