SigV4A auth selection update (#3225)

tools/code-generation/generator/src/main/java/com/amazonaws/util/awsclientgenerator/domainmodels/codegeneration/Metadata.java

@@ -7,6 +7,7 @@
 
 import lombok.Data;
 
+import java.util.List;
 import java.util.Map;
 
 @Data
@@ -43,4 +44,7 @@ public class Metadata {
     private boolean hasPreSignedUrl;
 
     private boolean awsQueryCompatible;
+
+    // Priority-ordered list of auth types present on the service model
+    private List<String> auth;
 }

tools/code-generation/generator/src/main/java/com/amazonaws/util/awsclientgenerator/domainmodels/codegeneration/Operation.java

@@ -23,6 +23,9 @@ public class Operation {
     private boolean virtualAddressAllowed;
     private String virtualAddressMemberName;
     private String authtype;
+    // Non-empty, priority-ordered list of string auth types.
+    // This trait should only be present if its value differs from the service-level trait
+    private List<String> auth; // aws.auth#sigv4 | aws.auth#sigv4a | smithy.api#httpBearerAuth | smithy.api#noAuth
     private String signerName;
     private String authorizer;
     private boolean eventStream;

tools/code-generation/generator/src/main/java/com/amazonaws/util/awsclientgenerator/generators/cpp/CppClientGenerator.java

@@ -18,6 +18,7 @@
 import com.amazonaws.util.awsclientgenerator.generators.exceptions.SourceGenerationFailedException;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Sets;
 import org.apache.velocity.Template;
 import org.apache.velocity.VelocityContext;
@@ -208,6 +209,40 @@ protected void addRequestIdToResults(final ServiceModel serviceModel) {
                 });
     }
 
+    private static Set<String> servicesMissingMultiAuthMRAPTrait = ImmutableSet.of(
+            "S3",
+            "S3-CRT",
+            "CloudFront KeyValueStore",
+            "SESv2",
+            "EventBridge");
+
+    private void CheckAndEnableSigV4A(final ServiceModel serviceModel, VelocityContext context) {
+        List<String> c2jAuthList = serviceModel.getMetadata().getAuth();
+        String serviceId = serviceModel.getMetadata().getServiceId();
+        if (c2jAuthList != null && c2jAuthList.contains("aws.auth#sigv4a") ||
+             servicesMissingMultiAuthMRAPTrait.contains(serviceId)) {
+            context.put("multiRegionAccessPointSupported", true);
+        }
+        // todo: remove these checks later
+        if (!context.containsKey("multiRegionAccessPointSupported")) {
+            boolean hasSigV4AOperation = serviceModel.getOperations().values().stream()
+                    .anyMatch(op -> op.getAuth() != null && op.getAuth().contains("aws.auth#sigv4a"));
+
+            if (serviceModel.getEndpointRules().contains("\"sigv4a\"") || hasSigV4AOperation) {
+                throw new RuntimeException("Endpoint rules or operation reference sigv4a auth scheme but c2j model " + serviceId +
+                        " does not list aws.auth#sigv4a as a supported auth!");
+            }
+        }
+
+        if (c2jAuthList != null) {
+            boolean hasSigV4AndBearer = c2jAuthList.contains("smithy.api#httpBearerAuth") &&
+                    (c2jAuthList.contains("aws.auth#sigv4a") || c2jAuthList.contains("aws.auth#sigv4"));
+            if (!serviceModel.isUseSmithyClient() && hasSigV4AndBearer) {
+                throw new RuntimeException("SDK Clients cannot mix AWS and Bearer Credentials without enabling Smithy Identity!");
+            }
+        }
+    }
+
     protected final VelocityContext createContext(final ServiceModel serviceModel) {
         VelocityContext context = new VelocityContext();
         context.put("nl", System.lineSeparator());
@@ -216,9 +251,8 @@ protected final VelocityContext createContext(final ServiceModel serviceModel) {
         context.put("output.encoding", StandardCharsets.UTF_8.name());
         context.put("nullChar", '\0');
 
-        if (serviceModel.getEndpointRules().contains("\"sigv4a\"")) {
-            context.put("multiRegionAccessPointSupported", true);
-        }
+        CheckAndEnableSigV4A(serviceModel, context);
+
         return context;
     }