changes to support runtime switch between event streaming signer vs r…

…egular for the same auth
aws · Dec 3, 2024 · f375469 · f375469
1 parent b14a63f
commit f375469
Show file tree

Hide file tree

Showing 17 changed files with 74 additions and 30 deletions.
diff --git a/generated/src/aws-cpp-sdk-qbusiness/source/QBusinessClient.cpp b/generated/src/aws-cpp-sdk-qbusiness/source/QBusinessClient.cpp
@@ -113,7 +113,7 @@ QBusinessClient::QBusinessClient(const QBusiness::QBusinessClientConfiguration&
         endpointProvider ? endpointProvider : Aws::MakeShared<QBusinessEndpointProvider>(ALLOCATION_TAG),
         Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
         {
-            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{GetServiceName(), clientConfiguration.region}},
+            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{GetServiceName(), clientConfiguration.region, true}},
         })
 {
   init(m_clientConfiguration);
@@ -129,7 +129,7 @@ QBusinessClient::QBusinessClient(const AWSCredentials& credentials,
         endpointProvider ? endpointProvider : Aws::MakeShared<QBusinessEndpointProvider>(ALLOCATION_TAG),
         Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
         {
-            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<smithy::SimpleAwsCredentialIdentityResolver>(ALLOCATION_TAG, credentials), GetServiceName(), clientConfiguration.region}},
+            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<smithy::SimpleAwsCredentialIdentityResolver>(ALLOCATION_TAG, credentials), GetServiceName(), clientConfiguration.region , true}},
         })
 {
   init(m_clientConfiguration);
@@ -145,7 +145,7 @@ QBusinessClient::QBusinessClient(const std::shared_ptr<AWSCredentialsProvider>&
         endpointProvider ? endpointProvider : Aws::MakeShared<QBusinessEndpointProvider>(ALLOCATION_TAG),
         Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
         {
-            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{ Aws::MakeShared<smithy::AwsCredentialsProviderIdentityResolver>(ALLOCATION_TAG, credentialsProvider), GetServiceName(), clientConfiguration.region}}
+            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{ Aws::MakeShared<smithy::AwsCredentialsProviderIdentityResolver>(ALLOCATION_TAG, credentialsProvider), GetServiceName(), clientConfiguration.region , true}}
         })
 {
   init(m_clientConfiguration);
@@ -160,7 +160,7 @@ QBusinessClient::QBusinessClient(const Client::ClientConfiguration& clientConfig
       Aws::MakeShared<QBusinessEndpointProvider>(ALLOCATION_TAG),
       Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
       {
-          {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<smithy::DefaultAwsCredentialIdentityResolver>(ALLOCATION_TAG), GetServiceName(), clientConfiguration.region}}
+          {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<smithy::DefaultAwsCredentialIdentityResolver>(ALLOCATION_TAG), GetServiceName(), clientConfiguration.region , true}}
       })
 {
   init(m_clientConfiguration);
@@ -175,7 +175,7 @@ QBusinessClient::QBusinessClient(const AWSCredentials& credentials,
         Aws::MakeShared<QBusinessEndpointProvider>(ALLOCATION_TAG),
         Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
         {
-          {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<smithy::SimpleAwsCredentialIdentityResolver>(ALLOCATION_TAG, credentials), GetServiceName(), clientConfiguration.region}}
+          {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<smithy::SimpleAwsCredentialIdentityResolver>(ALLOCATION_TAG, credentials), GetServiceName(), clientConfiguration.region , true}}
         })
 {
   init(m_clientConfiguration);
@@ -190,7 +190,7 @@ QBusinessClient::QBusinessClient(const std::shared_ptr<AWSCredentialsProvider>&
         Aws::MakeShared<QBusinessEndpointProvider>(ALLOCATION_TAG),
         Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
         {
-          {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<smithy::AwsCredentialsProviderIdentityResolver>(ALLOCATION_TAG, credentialsProvider), GetServiceName(), clientConfiguration.region}}
+          {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<smithy::AwsCredentialsProviderIdentityResolver>(ALLOCATION_TAG, credentialsProvider), GetServiceName(), clientConfiguration.region , true}}
         })
 {
   init(m_clientConfiguration);
@@ -349,6 +349,7 @@ void QBusinessClient::ChatAsync(Model::ChatRequest& request,
         resolvedEndpoint.SetRfc3986Encoded(endpointOverrides.setRfc3986Encoded);
         resolvedEndpoint.SetQueryString(endpointOverrides.queryString);
       },
+      true,
       eventEncoderStream
       );
       if(outcome.IsSuccess())

diff --git a/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClient.h b/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClient.h
@@ -86,6 +86,11 @@ namespace client
                     else
                         assert(!"Unknown endpoint parameter!");
                 }
+                if (ctx.m_isEventStreaming)
+                {
+                    identityParams.additionalProperties.insert({"isEventStreaming", true});
+                }
+
                 const auto& serviceParams = ctx.m_pRequest->GetServiceSpecificParameters();
                 if (serviceParams) {
                     for (const auto& serviceParam : serviceParams->parameterMap) {
@@ -125,10 +130,11 @@ namespace client
                                      const char* requestName,
                                      Aws::Http::HttpMethod method,
                                      EndpointUpdateCallback&& endpointCallback,
+                                     bool isEventStreamRequest = false,
                                      std::shared_ptr<Aws::Utils::Event::EventEncoderStream> eventEncoderStream_sp = nullptr
                                      ) const
         {
-            auto httpResponseOutcome = MakeRequestSync(request, requestName, method, std::move(endpointCallback),  std::move(eventEncoderStream_sp));
+            auto httpResponseOutcome = MakeRequestSync(request, requestName, method, std::move(endpointCallback), isEventStreamRequest,  std::move(eventEncoderStream_sp));
             return m_serializer->Deserialize(std::move(httpResponseOutcome), GetServiceClientName(), requestName);
         }
 

diff --git a/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClientAsyncRequestContext.h b/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClientAsyncRequestContext.h
@@ -73,6 +73,7 @@ namespace smithy
             std::shared_ptr<Aws::Utils::Threading::Executor> m_pExecutor;
             std::shared_ptr<interceptor::InterceptorContext> m_interceptorContext;
             std::shared_ptr<Aws::Utils::Threading::Semaphore> m_semaphore;
+            bool m_isEventStreaming{false};
         };
     } // namespace client
 } // namespace smithy
diff --git a/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClientBase.h b/src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClientBase.h
@@ -140,13 +140,15 @@ namespace client
                               EndpointUpdateCallback&& endpointCallback,
                               ResponseHandlerFunc&& responseHandler,
                               std::shared_ptr<Aws::Utils::Threading::Executor> pExecutor,
+                              bool isEventStreamRequest,
                               std::shared_ptr<Aws::Utils::Event::EventEncoderStream> eventEncoderStream_sp
                               ) const;
 
         HttpResponseOutcome MakeRequestSync(Aws::AmazonWebServiceRequest const * const request,
                                             const char* requestName,
                                             Aws::Http::HttpMethod method,
                                             EndpointUpdateCallback&& endpointCallback,
+                                            bool isEventStreamRequest,
                                             std::shared_ptr<Aws::Utils::Event::EventEncoderStream> eventEncoderStream_sp) const;
 
     protected:

diff --git a/src/aws-cpp-sdk-core/include/smithy/client/common/AwsSmithyRequestSigning.h b/src/aws-cpp-sdk-core/include/smithy/client/common/AwsSmithyRequestSigning.h
@@ -141,7 +141,7 @@ namespace smithy
                 }
                 auto identity = std::move(identityResult.GetResultWithOwnership());
 
-                std::shared_ptr<Signer> signer = authScheme.signer();
+                std::shared_ptr<Signer> signer = authScheme.signer(m_targetAuthSchemeOption.isEventStreaming);
                 if (!signer)
                 {
                     result.emplace(SigningError(Aws::Client::CoreErrors::CLIENT_SIGNING_FAILURE,
@@ -198,7 +198,7 @@ namespace smithy
                 using IdentityT = typename std::remove_reference<decltype(authScheme)>::type::IdentityT;
                 using Signer = AwsSignerBase<IdentityT>;
 
-                std::shared_ptr<Signer> signer = authScheme.signer();
+                std::shared_ptr<Signer> signer = authScheme.signer(m_targetAuthSchemeOption.isEventStreaming);
                 if (!signer)
                 {
                     AWS_LOGSTREAM_ERROR(AWS_SMITHY_CLIENT_SIGNING_TAG, "Failed to adjust signing clock skew. Signer is null.");
@@ -253,13 +253,13 @@ namespace smithy
                 using IdentityT = typename std::remove_reference<decltype(authScheme)>::type::IdentityT;
                 using Signer = AwsSignerBase<IdentityT>;
 
-                std::shared_ptr<Signer> signer = authScheme.signer();
+                std::shared_ptr<Signer> signer = authScheme.signer(m_targetAuthSchemeOption.isEventStreaming);
                 if (!signer)
                 {
                     AWS_LOGSTREAM_ERROR(AWS_SMITHY_CLIENT_SIGNING_TAG, "Failed to adjust signing clock skew. Signer is null.");
                     return;
                 }
-                //typecast to streaming type
+                //typecast to streaming type as we know this visitor is for smithy types
                 (std::dynamic_pointer_cast<Aws::Utils::Event::SmithyEventEncoderStream<IdentityT>>(m_eventEncoderStreamSp))->SetSigner(signer);
             }
         };

diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/AuthScheme.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/AuthScheme.h
@@ -26,6 +26,6 @@ namespace smithy {
 
         virtual std::shared_ptr<IdentityResolverBase<IdentityT>> identityResolver() = 0;
 
-        virtual std::shared_ptr<AwsSignerBase<IdentityT>> signer() = 0;
+        virtual std::shared_ptr<AwsSignerBase<IdentityT>> signer(bool isEventStreaming = false) = 0;
     };
 }
diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/AuthSchemeOption.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/AuthSchemeOption.h
@@ -19,9 +19,11 @@ namespace smithy {
         /* note: AuthSchemeOption is not connected with AuthScheme by type system, only by the String of schemeId, this is in accordance with SRA */
     public:
         AuthSchemeOption(const char* id = nullptr): schemeId(id) {}
+        AuthSchemeOption(const char* id, bool isStreaming): schemeId(id),isEventStreaming{isStreaming} {}
         virtual ~AuthSchemeOption() = default;
 
         const char* schemeId = nullptr;
+        bool isEventStreaming{false};
 
         PropertyBag virtual identityProperties() const { return PropertyBag{}; };
         PropertyBag virtual signerProperties() const { return PropertyBag{}; };

diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/BearerTokenAuthScheme.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/BearerTokenAuthScheme.h
@@ -50,7 +50,7 @@ class BearerTokenAuthScheme : public AuthScheme<AwsBearerTokenIdentityBase>
         return m_identityResolver;
     }
 
-    std::shared_ptr<AwsCredentialSignerT> signer() override { return m_signer; }
+    std::shared_ptr<AwsCredentialSignerT> signer(bool) override { return m_signer; }
 
   protected:
     std::shared_ptr<AwsCredentialIdentityResolverT> m_identityResolver;

diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/SigV4AuthScheme.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/SigV4AuthScheme.h
@@ -24,24 +24,33 @@ namespace smithy {
         using AwsCredentialSignerT = AwsSignerBase<IdentityT>;
         using SigV4AuthSchemeParameters = DefaultAuthSchemeResolverParameters;
 
-        //This allows to override the identity resolver
+        //same authscheme can have two variants for the same scheme id that can be switched 
+        //in between for different operations
         explicit SigV4AuthScheme(std::shared_ptr<AwsCredentialIdentityResolverT> identityResolver, 
                                  const Aws::String& serviceName,
-                                 const Aws::String& region)
+                                 const Aws::String& region,
+                                 bool eventStream = false)
             : AuthScheme(SIGV4), 
-            m_identityResolver{identityResolver}, 
+            m_identityResolver{identityResolver},
             m_signer{Aws::MakeShared<AwsSigV4Signer>("SigV4AuthScheme", serviceName, region)}
         {
+            if(eventStream)
+            {
+                m_eventStreamSigner = Aws::MakeShared<AWSAuthEventStreamV4Signer>("SigV4AuthScheme", serviceName, region);
+                assert(m_eventStreamSigner);
+            }
             assert(m_identityResolver);
             assert(m_signer);
         }
 
         //delegate constructor
         explicit SigV4AuthScheme(const Aws::String& serviceName,
-                                 const Aws::String& region)
+                                 const Aws::String& region,
+                                 bool eventStream = false)
             : SigV4AuthScheme(Aws::MakeShared<DefaultAwsCredentialIdentityResolver>("SigV4AuthScheme"),  
                               serviceName,
-                              region)
+                              region,
+                              eventStream)
         {
         }
 
@@ -52,12 +61,19 @@ namespace smithy {
             return m_identityResolver;
         }
 
-        std::shared_ptr<AwsCredentialSignerT> signer() override
+        std::shared_ptr<AwsCredentialSignerT> signer(bool isEventStreaming) override
         {
+            if(isEventStreaming && m_eventStreamSigner)
+            {
+                return m_eventStreamSigner;
+            }
+
             return m_signer;
         }
     protected:
         std::shared_ptr<AwsCredentialIdentityResolverT> m_identityResolver;
         std::shared_ptr<AwsCredentialSignerT> m_signer;
+        std::shared_ptr<AwsCredentialSignerT> m_eventStreamSigner;
     };
+
 }
diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/SigV4AuthSchemeOption.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/SigV4AuthSchemeOption.h
@@ -11,5 +11,6 @@ namespace smithy {
     struct SigV4AuthSchemeOption
     {
         static SMITHY_API AuthSchemeOption sigV4AuthSchemeOption;
+        static SMITHY_API AuthSchemeOption sigV4EventStreamingAuthSchemeOption;
     };
 }
diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/SigV4AuthSchemeResolver.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/SigV4AuthSchemeResolver.h
@@ -18,7 +18,12 @@ namespace smithy {
 
         Aws::Vector<AuthSchemeOption> resolveAuthScheme(const ServiceAuthSchemeParameters& identityProperties) override
         {
-            AWS_UNREFERENCED_PARAM(identityProperties);
+            //AWS_UNREFERENCED_PARAM(identityProperties);
+            if(identityProperties.additionalProperties.find("isEventStreaming") != identityProperties.additionalProperties.end())
+            {
+                return  {SigV4AuthSchemeOption::sigV4EventStreamingAuthSchemeOption};
+            }
+
             return {SigV4AuthSchemeOption::sigV4AuthSchemeOption};
         }
     };

diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/SigV4aAuthScheme.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/SigV4aAuthScheme.h
@@ -52,7 +52,7 @@ namespace smithy {
             return m_identityResolver;
         }
 
-        std::shared_ptr<AwsCredentialSignerT> signer() override
+        std::shared_ptr<AwsCredentialSignerT> signer(bool) override
         {
             return m_signer;
         }

diff --git a/src/aws-cpp-sdk-core/source/smithy/client/AwsSmithyClientBase.cpp b/src/aws-cpp-sdk-core/source/smithy/client/AwsSmithyClientBase.cpp
@@ -99,6 +99,7 @@ void AwsSmithyClientBase::MakeRequestAsync(Aws::AmazonWebServiceRequest const* c
                                            EndpointUpdateCallback&& endpointCallback,
                                            ResponseHandlerFunc&& responseHandler,
                                            std::shared_ptr<Aws::Utils::Threading::Executor> pExecutor,
+                                           bool isEventStreamRequest,
                                            std::shared_ptr<Aws::Utils::Event::EventEncoderStream> eventEncoderStreamSp
                                            ) const
 {
@@ -131,6 +132,8 @@ void AwsSmithyClientBase::MakeRequestAsync(Aws::AmazonWebServiceRequest const* c
     pRequestCtx->m_method = method;
     pRequestCtx->m_retryCount = 0;
     pRequestCtx->m_invocationId = Aws::Utils::UUID::PseudoRandomUUID();
+    pRequestCtx->m_isEventStreaming = isEventStreamRequest;
+
     auto authSchemeOptionOutcome = this->SelectAuthSchemeOption(*pRequestCtx);
     if (!authSchemeOptionOutcome.IsSuccess())
     {
@@ -493,6 +496,7 @@ AwsSmithyClientBase::MakeRequestSync(Aws::AmazonWebServiceRequest const * const
                                      const char* requestName,
                                      Aws::Http::HttpMethod method,
                                      EndpointUpdateCallback&& endpointCallback,
+                                     bool isEventStreamRequest,
                                      std::shared_ptr<Aws::Utils::Event::EventEncoderStream> eventEncoderStream_sp
                                      ) const
 {
@@ -507,7 +511,7 @@ AwsSmithyClientBase::MakeRequestSync(Aws::AmazonWebServiceRequest const * const
 
     pExecutor->Submit([&]()
     {
-        this->MakeRequestAsync(request, requestName, method, std::move(endpointCallback) ,std::move(responseHandler), pExecutor, std::move(eventEncoderStream_sp));
+        this->MakeRequestAsync(request, requestName, method, std::move(endpointCallback) ,std::move(responseHandler), pExecutor, isEventStreamRequest, std::move(eventEncoderStream_sp));
     });
     pExecutor->WaitUntilStopped();
 

diff --git a/src/aws-cpp-sdk-core/source/smithy/identity/AuthSchemeOption.cpp b/src/aws-cpp-sdk-core/source/smithy/identity/AuthSchemeOption.cpp
@@ -8,4 +8,5 @@
 using namespace smithy;
 
 AuthSchemeOption SigV4AuthSchemeOption::sigV4AuthSchemeOption = AuthSchemeOption("aws.auth#sigv4");
-AuthSchemeOption SigV4aAuthSchemeOption::sigV4aAuthSchemeOption = AuthSchemeOption("aws.auth#sigv4a");
+AuthSchemeOption SigV4aAuthSchemeOption::sigV4aAuthSchemeOption = AuthSchemeOption("aws.auth#sigv4a");
+AuthSchemeOption SigV4AuthSchemeOption::sigV4EventStreamingAuthSchemeOption = AuthSchemeOption("aws.auth#sigv4", true);