This PR adds support for SSO bearer token authentication to the AWS SDK,
specifically for Code Catalyst, which requires authentication via SSO
with a Builder ID using a bearer token rather than SigV4.
This functionality was developed in a feature branch, and this PR merely
merges that branch to main. The changes consist of the following
previous PRs:
- https://github.com/smithy-lang/smithy-rs/pull/3381
- https://github.com/smithy-lang/smithy-rs/pull/3442
- https://github.com/smithy-lang/smithy-rs/pull/3443
All these changes have been reviewed in the previous PRs, but it would
be good to review this again as a whole to verify it all looks good.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
Co-authored-by: Russell Cohen <rcoh@amazon.com>
## Motivation and Context
Fixes the following error when a pre-commit hook `runtime-versioner`
runs in a repo created from HTTP remote:
```
Error: smithy-rs origin must be 'git@github.com:smithy-lang/smithy-rs.git' in order to get the latest release tags
```
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Motivation and Context
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here -->
This is required to enable an upcoming service-specific env config
feature
## Description
<!--- Describe your changes in detail -->
This PR adds support for accessing profile config data defined in any
sort of section. It also supports sub-properties.
## Testing
<!--- Please describe in detail how you tested your changes -->
<!--- Include details of your testing environment, and the tests you ran
to -->
<!--- see how your change affects other areas of the code, etc. -->
I wrote tests
## Checklist
No changelog entry because this feature isn't publicly accessible yet.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
---------
Co-authored-by: John DiSanti <jdisanti@amazon.com>
This PR adds the Code Catalyst service to the smoke test models, which
is already done as part of #3453, but having it as a separate commit
that merges before #3453 will allow us to see a codegen diff on the Code
Catalyst service during review of that feature.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
This will make all the runtime crates independently versioned, which
will later remove the need for version number properties in the
gradle.properties file. A full release cycle should be done before
cleaning up the old logic just to be safe though.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
This PR makes the runtime-versioner run via pre-commit so that devs will
know if they need to version bump a runtime crate sooner than CI would
otherwise tell them.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
The sparse index is preferred to the crates.io API for the checks we
need, according to the [documentation](https://crates.io/data-access).
When the tools were first implemented, the sparse index didn't exist, so
the API was used.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
This PR fixes the workspace resolver version warning in the SDK's
generated workspace `Cargo.toml` file.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
This fixes the claim crate names GitHub Actions workflow that runs on
changes to main.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Motivation and Context
Currently only a single author can be provided to a changelog entry.
This does not support the cases where a single PR was coauthored by
multiple authors and/or multiple PRs were authored by different
individuals.
## Description
- Accept a list of strings, in addition to a single string in the
`author` field. Each author in the list is added as a contributor to
every PR provided in references.
- Accept references of the form `{ "id": <ID>, "authors": <Author> }`,
in addition to `ID`. Each author given in `authors` is added as a
contributor to that PR. Authors common to all references will be
serialized in the same way as using the top-level `author` field.
## Notes
- This should not be a breaking change. Existing `CHANGELOG.next.toml`
should be deserialized and then serialized identically.
---------
Co-authored-by: Harry Barber <hlbarber@amazon.co.uk>
Co-authored-by: John DiSanti <jdisanti@amazon.com>
## Motivation and Context
A step towards moving to http-1.0
https://github.com/awslabs/aws-sdk-rust/issues/1046
(Russell): This is a minimal implementation of `http-body = 1`. It isn't
maximally efficient since even if we were given a 1x body, we convert it
back and forth first. This is a first step.
## Description
Implements http-body-1.0 Body trait for SdkBody.
## Testing
Regular CI
## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the
smithy-rs codegen or runtime crates
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS
SDK, generated SDK code, or SDK runtime crates
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
---------
Co-authored-by: Russell Cohen <rcoh@amazon.com>
Co-authored-by: Russell Cohen <russell.r.cohen@gmail.com>
Co-authored-by: John DiSanti <john@vinylsquid.com>
Co-authored-by: John DiSanti <jdisanti@amazon.com>
## Motivation and Context
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here -->
This change adds a new crate, `aws-smithy-wasm`, that exports a SDK
compatible WASI http client. This is a continuation of the work in #2520
using the now stabilized WASI 0.2.0 interfaces from the [wasi
crate](https://crates.io/crates/wasi). This supports, but does not
finalize the work for #2087
## Description
<!--- Describe your changes in detail -->
Add a new crate, `aws-smithy-wasm` which exports a function
`wasi_http_client` that will provide the user with a WASI compatible
http client. This client is implemented by using the
`wasi::http::outgoing_handler`
[ref](https://docs.rs/wasi/0.12.0+wasi-0.2.0/wasi/http/outgoing_handler/index.html)
along with some utility implementations of `TryFrom` to transform back
and worth between the types from the `http` crate and the `wasi::http`
types. It also exports a unit struct `WasmSleep` that impls the
`AsyncSleep` trait needed by the SDK.
## Testing
<!--- Please describe in detail how you tested your changes -->
<!--- Include details of your testing environment, and the tests you ran
to -->
<!--- see how your change affects other areas of the code, etc. -->
This is tested via an integration test in
`aws/sdk/integration-tests/webassembly` that uses the wasi http-client
to vuild a config and an operation (that is not sent). It is further
tested in a new canary (`wasm_canary`) that calls the S3
`list_objects_v2` API.
## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [X] I have updated `CHANGELOG.next.toml` if I made changes to the
smithy-rs codegen or runtime crates
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
---------
Co-authored-by: Eduardo Rodrigues <eduardomourar@users.noreply.github.com>
Co-authored-by: Eduardo de Moura Rodrigues <16357187+eduardomourar@users.noreply.github.com>
Co-authored-by: ysaito1001 <awsaito@amazon.com>
Co-authored-by: John DiSanti <jdisanti@amazon.com>
Co-authored-by: Russell Cohen <rcoh@amazon.com>
Co-authored-by: John DiSanti <john@vinylsquid.com>
## Motivation and Context
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here -->
Because the build pipeline is checking for these.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Motivation and Context
I would like to support EKS Pod Identity credentials in the Rust SDKs
## Description
This brings the ECS provider in line with other sdks (eg, Go) by
supporting AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE as well as permitting
http IPs to be non-loopback if they are the EKS pod identity IPs.
## Testing
I have added various new unit tests, and I have updated the existing
integration test to also create pods with eks pod identity creds, which
I have used to test in a real EKS cluster as well.
## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the
smithy-rs codegen or runtime crates
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
---------
Signed-off-by: Jack Kleeman <jackkleeman@gmail.com>
Co-authored-by: John DiSanti <john@vinylsquid.com>
Co-authored-by: John DiSanti <jdisanti@amazon.com>
The aws-config test environment and test-data makes a heavy assumption
that there will only ever be credentials. This PR proactively refactors
the tests to make room for other future types of identities, such as
tokens.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
See https://github.com/smithy-lang/smithy-rs/pull/3436
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
Keys are sent interleaving elements from different lists. This adds a
test of this behavior.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
---------
Co-authored-by: John DiSanti <jdisanti@amazon.com>
## Motivation and Context
running codegen tests produces a diff you need to ignore
## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [ ] I have updated `CHANGELOG.next.toml` if I made changes to the
smithy-rs codegen or runtime crates
- [ ] I have updated `CHANGELOG.next.toml` if I made changes to the AWS
SDK, generated SDK code, or SDK runtime crates
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Motivation and Context
Make it easier to understand why credentials are expired. New log
example:
```
2024-02-19T17:47:31.769924Z INFO lazy_load_identity: aws_smithy_runtime::client::identity::cache::lazy: identity cache miss occurred; added new identity (took 861.893ms) new_expiration=2024-02-19T18:47:31Z valid_for=3599.230108s partition=IdentityCachePartition(1)
```
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Motivation and Context
Update MSRV to 1.74
## Description
Normal slate of things, mostly appeasing clippy.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
---------
Co-authored-by: John DiSanti <jdisanti@amazon.com>
## Motivation and Context
Release build was broken because `smithy-build.json` was not being
generated prior to smithyBuild actually running.
## Description
Fix task names
## Testing
Manual patch of release tag with this fix.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
Timeout test was flaky, failed on main.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Motivation and Context
The nested path dependencies in our generated runtime crates cause
issues when simulating a release. This strips those out in order to
support testing a release where some versions _don't_ change.
## Testing
https://github.com/smithy-lang/smithy-rs/actions/runs/7917462892
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Motivation and Context
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here -->
For context, see
https://github.com/smithy-lang/smithy-rs/discussions/3408
## Description
<!--- Describe your changes in detail -->
- During `invoke`, load all timeout configs and merge them via a custom
loader.
- Fix config bag bugs that prevented using a Stored type that differed
from `T`.
- Add new e2e and codegen integration test validating that timeout
settings are properly merged.
- Add fallback for an empty timeout config being equivalent to
`TimeoutConfig::disabled`.
## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the
smithy-rs codegen or runtime crates
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS
SDK, generated SDK code, or SDK runtime crates
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
---------
Co-authored-by: John DiSanti <jdisanti@amazon.com>
## Motivation and Context
Remove warning banner related code. The test is broken so this code is
just causing a hassle and will never be used again.
- [ ] A generated code diff should be audited prior to merging.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Testing
- deployed to my personal account
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
The `SsoCredentialsProvider` maintains an in-memory expiring cache of
SSO tokens, and this cache is maintained within its instance. The
`ProfileFileCredentialsProvider`, which uses `SsoCredentialsProvider` as
a base/inner provider, is currently reconstructing the inner provider
every time it loads credentials, which discards the SSO token cache
entirely.
This PR refactors the `ProfileFileCredentialsProvider` to cache the
inner provider so that it is only initialized once on first load of
credentials. This is done via a new `ErrorTakingOnceCell` abstraction
since the same init-caching mechanism will be needed for the
`ProfileFileTokenProvider` when it is implemented.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Description
Via code inspection, we have identified that there is a potential bug in
`DEFAULT_BUFFER_TIME_JITTER_FRACTION`. Specifically, if the fraction
happens to be set to 1.0, we end up not respecting the buffer time for
cache refresh (see diagrams in #2335). This PR will cap the max fraction
value to 0.5 to avoid the problem.
## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the
smithy-rs codegen or runtime crates
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS
SDK, generated SDK code, or SDK runtime crates
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
---------
Co-authored-by: John DiSanti <jdisanti@amazon.com>
## Motivation and Context
<!--- Why is this change required? What problem does it solve? -->
<!--- If it fixes an open issue, please link to the issue here -->
#3322
## Description
<!--- Describe your changes in detail -->
I gave classifiers priorities but never actually sorted them. This PR
fixes that.
## Testing
<!--- Please describe in detail how you tested your changes -->
<!--- Include details of your testing environment, and the tests you ran
to -->
<!--- see how your change affects other areas of the code, etc. -->
I wrote a test
## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS
SDK, generated SDK code, or SDK runtime crates
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
---------
Co-authored-by: John DiSanti <jdisanti@amazon.com>
This CI step will check for subtle semver hazards with the `ConfigBag`
during release. Once all the runtime crates are independent, then this
check can be moved into normal CI.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
John DiSanti