SigV4A auth selection update

aws · Dec 16, 2024 · 7d0fcd6 · 7d0fcd6
1 parent 0efa522
commit 7d0fcd6
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 3 deletions.
diff --git a/...main/java/com/amazonaws/util/awsclientgenerator/domainmodels/codegeneration/Metadata.java b/...main/java/com/amazonaws/util/awsclientgenerator/domainmodels/codegeneration/Metadata.java
@@ -7,6 +7,7 @@
 
 import lombok.Data;
 
+import java.util.List;
 import java.util.Map;
 
 @Data
@@ -43,4 +44,7 @@ public class Metadata {
     private boolean hasPreSignedUrl;
 
     private boolean awsQueryCompatible;
+
+    // Priority-ordered list of auth types present on the service model
+    private List<String> auth;
 }
diff --git a/...rc/main/java/com/amazonaws/util/awsclientgenerator/generators/cpp/CppClientGenerator.java b/...rc/main/java/com/amazonaws/util/awsclientgenerator/generators/cpp/CppClientGenerator.java
@@ -208,6 +208,37 @@ protected void addRequestIdToResults(final ServiceModel serviceModel) {
                 });
     }
 
+    private static Set<String> servicesMissingMultiAuthMRAPTrait = new HashSet<>();
+    static {
+        servicesMissingMultiAuthMRAPTrait.add("S3");
+        servicesMissingMultiAuthMRAPTrait.add("S3-CRT");
+        servicesMissingMultiAuthMRAPTrait.add("CloudFront KeyValueStore");
+        servicesMissingMultiAuthMRAPTrait.add("SESv2");
+        servicesMissingMultiAuthMRAPTrait.add("EventBridge");
+    }
+
+    private void CheckAndEnableSigV4A(final ServiceModel serviceModel, VelocityContext context) {
+        List<String> c2jAuthList = serviceModel.getMetadata().getAuth();
+        String serviceId = serviceModel.getMetadata().getServiceId();
+        if (c2jAuthList != null && c2jAuthList.contains("aws.auth#sigv4a") ||
+             servicesMissingMultiAuthMRAPTrait.contains(serviceId)) {
+            context.put("multiRegionAccessPointSupported", true);
+        }
+        // todo: remove these checks later
+        if (serviceModel.getEndpointRules().contains("\"sigv4a\"") &&
+                !context.containsKey("multiRegionAccessPointSupported")) {
+            throw new RuntimeException("Endpoint rules reference sigv4a auth scheme but c2j model " + serviceId +
+                    " does not list aws.auth#sigv4a as a supported auth!");
+        }
+        if (c2jAuthList != null) {
+            boolean hasSigV4AndBearer = c2jAuthList.contains("smithy.api#httpBearerAuth") &&
+                    (c2jAuthList.contains("aws.auth#sigv4a") || c2jAuthList.contains("aws.auth#sigv4"));
+            if (!serviceModel.isUseSmithyClient() && hasSigV4AndBearer) {
+                throw new RuntimeException("SDK Clients cannot mix AWS and Bearer Credentials without enabling Smithy Identity!");
+            }
+        }
+    }
+
     protected final VelocityContext createContext(final ServiceModel serviceModel) {
         VelocityContext context = new VelocityContext();
         context.put("nl", System.lineSeparator());
@@ -216,9 +247,8 @@ protected final VelocityContext createContext(final ServiceModel serviceModel) {
         context.put("output.encoding", StandardCharsets.UTF_8.name());
         context.put("nullChar", '\0');
 
-        if (serviceModel.getEndpointRules().contains("\"sigv4a\"")) {
-            context.put("multiRegionAccessPointSupported", true);
-        }
+        CheckAndEnableSigV4A(serviceModel, context);
+
         return context;
     }