Go to file

ysaito1001 0bd57fe312 Port redacting sensitive body to orchestrator (#2972 ) ## Motivation and Context Fixes https://github.com/awslabs/smithy-rs/issues/2926 ## Description This PR ports logic implemented in https://github.com/awslabs/smithy-rs/pull/2603. Thankfully, even though we did not port this at the time of the orchestrator launch, the orchestrator has not logged sensitive bodies because we have never logged response bodies in the orchestrator code. The code changes in this PR - now logs response bodies in `try_attempt` - ports the logic from the previous PR in question to the orchestrator, via an interceptor Now, when credentials providers in `aws_config` need to say "I want to redact a response body" ([example](`2c27834f90/aws/rust-runtime/aws-config/src/http_credential_provider.rs (L48)`)) when middleware is gone, they can pass an interceptor `SensitiveOutputInterceptor` to `Config` of whatever clients they are using. ## Testing Depends on the existing tests. Without the logic ported over the orchestrator and by logging response bodies unconditionally in `try_attempt`, we got the following failures. After we've ported the logic, they now pass. ``` default_provider::credentials::test::ecs_assume_role default_provider::credentials::test::imds_assume_role default_provider::credentials::test::sso_assume_role default_provider::credentials::test::web_identity_token_env default_provider::credentials::test::web_identity_token_profile default_provider::credentials::test::web_identity_token_source_profile profile::credentials::test::e2e_assume_role profile::credentials::test::region_override profile::credentials::test::retry_on_error ``` ## Checklist <!--- If a checkbox below is not applicable, then please DELETE it rather than leaving it unchecked --> - [x] I have updated `CHANGELOG.next.toml` if I made changes to the smithy-rs codegen or runtime crates - [x] I have updated `CHANGELOG.next.toml` if I made changes to the AWS SDK, generated SDK code, or SDK runtime crates ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._ --------- Co-authored-by: ysaito1001 <awsaito@amazon.com> Co-authored-by: John DiSanti <jdisanti@amazon.com>		2023-09-08 17:45:30 +00:00
.cargo	Upgrade MSRV to 1.68.2 (#2745 )	2023-06-13 15:23:04 +00:00
.github	Update the base image for ci-build's Dockerfile (#2674 )	2023-09-07 01:16:46 +00:00
.pre-commit-hooks	Clean up the pre-commit config (#2915 )	2023-08-10 17:43:57 +00:00
aws	Update dependencies of benchmark (#2974 )	2023-09-07 17:38:35 +00:00
buildSrc	Attempt to fix example workspace issue	2023-08-18 09:38:30 -07:00
codegen-client	Port redacting sensitive body to orchestrator (#2972 )	2023-09-08 17:45:30 +00:00
codegen-client-test	Fix codegen for unions with the `@httpPayload` trait (#2969 )	2023-08-31 16:43:02 +00:00
codegen-core	Port redacting sensitive body to orchestrator (#2972 )	2023-09-08 17:45:30 +00:00
codegen-server	Fix eventstream issue	2023-08-18 12:52:36 -07:00
codegen-server-test	Error out if `ignoreUnsupportedConstraintTraits` has no effect (#2539 )	2023-05-30 10:26:42 +00:00
design	Update HTTP RFC with note (#2906 )	2023-08-08 16:19:56 +00:00
examples	Add TLS docs page (#2898 )	2023-08-03 20:27:21 +00:00
gradle/wrapper	Fix Gradle deprecation warnings (#1978 )	2022-11-11 13:04:30 -08:00
rust-runtime	Port redacting sensitive body to orchestrator (#2972 )	2023-09-08 17:45:30 +00:00
tools	Update the base image for ci-build's Dockerfile (#2674 )	2023-09-07 01:16:46 +00:00
.cargo-deny-config.toml	Update dependencies flagged by cargo audit (#2753 )	2023-06-12 17:09:29 +00:00
.editorconfig	Upgrade Kotlin and Ktlint (#2392 )	2023-02-22 18:21:06 +00:00
.git-blame-ignore-revs	Create initial `.git-blame-ignore-revs` (#1726 )	2022-09-09 14:09:06 -07:00
.gitignore	[Python] Support more testing model (#2541 )	2023-04-13 13:55:33 +00:00
.pre-commit-config.yaml	Clean up the pre-commit config (#2915 )	2023-08-10 17:43:57 +00:00
CHANGELOG.md	Update changelog	2023-08-22 19:07:02 +00:00
CHANGELOG.next.toml	Port redacting sensitive body to orchestrator (#2972 )	2023-09-08 17:45:30 +00:00
CODEOWNERS	Add examples folder to CODEOWNERS (#2591 )	2023-04-18 17:17:15 +00:00
CODE_OF_CONDUCT.md	Initial commit	2020-10-28 06:37:45 -07:00
CONTRIBUTING.md	Update security disclosure instructions (#1758 )	2022-09-22 17:05:45 +00:00
LICENSE	Initial commit	2020-10-28 06:37:45 -07:00
NOTICE	Initial commit	2020-10-28 06:37:45 -07:00
README.md	Move examples to root, refactor to workspace, and refactor integration tests (#2481 )	2023-03-22 14:00:21 +00:00
build.gradle.kts	Make required context parameters required (#2964 )	2023-08-31 19:26:07 +00:00
ci	Add release metadata to `versions.toml` (#1400 )	2022-05-23 23:31:23 +00:00
ci.mk	TLS tests in CI (#2886 )	2023-08-09 14:21:55 +00:00
clippy-root.toml	Add clippy.toml with forbidden methods & fix SystemTime usages (#2882 )	2023-07-28 17:16:44 +00:00
gradle.properties	update Smithy version to 1.37 (#2949 )	2023-08-28 15:54:39 +00:00
gradlew	Upgrade to Gradle 7 (#1411 )	2022-06-23 12:27:43 -04:00
gradlew.bat	Upgrade to Gradle 7 (#1411 )	2022-06-23 12:27:43 -04:00
rust-toolchain.toml	update MSRV to 1.70.0 (#2948 )	2023-08-24 19:51:06 +00:00
settings.gradle.kts	Make required context parameters required (#2964 )	2023-08-31 19:26:07 +00:00

README.md

Smithy Rust

Smithy code generators for Rust that generate clients, servers, and the entire AWS SDK. The latest unreleased SDK build can be found in aws-sdk-rust/next.

Design documentation

All internal and external interfaces are considered unstable and subject to change without notice.

Setup

./gradlew will setup gradle for you. JDK 17 is required.
Running tests requires a working Rust installation. See Rust docs for installation instructions on your platform. The MSRV (Minimum Supported Rust Version) for the crates in this project is stable-2, i.e. the current stable Rust version and the prior two versions. Older versions may work.

Development

For development, pre-commit hooks make it easier to pass automated linting when opening a pull request. Setup:

brew install pre-commit # (or appropriate for your platform: https://pre-commit.com/)
pre-commit install

Project Layout

aws: AWS specific codegen & Rust code (signing, endpoints, customizations, etc.) Common commands:
- ./gradlew :aws:sdk:assemble: Generate (but do not test / compile etc.) a fresh SDK into sdk/build/aws-sdk
- ./gradlew :aws:sdk:test: Generate & run all tests for a fresh SDK
- ./gradlew :aws:sdk:{cargoCheck, cargoTest, cargoDocs, cargoClippy}: Generate & run specified cargo command.
codegen-core: Common code generation logic useful for clients and servers
codegen-client: Whitelabel Smithy client code generation
codegen-client-test: Smithy protocol test generation & integration tests for Smithy client whitelabel code
design: Design documentation. See the design/README.md for details about building / viewing.
codegen-server: Whitelabel Smithy server code generation
codegen-server-test: Smithy protocol test generation & integration tests for Smithy server whitelabel code
examples: A collection of server implementation examples

Testing

Running all of smithy-rs's tests can take a very long time, so it's better to know which parts to test based on the changes being made, and allow continuous integration to find other issues when posting a pull request.

In general, the components of smithy-rs affect each other in the following order (with earlier affecting later):

rust-runtime
codegen and codegen-server
aws/rust-runtime
aws/sdk-codegen

Some components, such as codegen-client-test and codegen-server-test, are purely for testing other components.

Testing `rust-runtime` and `aws/rust-runtime`

To test the rust-runtime crates:

# Run all Rust tests for `rust-runtime/` (from repo root):
cargo test --manifest-path=rust-runtime/Cargo.toml
# Run clippy for `rust-runtime/` (from repo root):
cargo clippy --manifest-path=rust-runtime/Cargo.toml

# Or
cd rust-runtime
cargo test
cargo clippy

To test the aws/rust-runtime crates:

# Run all Rust tests for `aws/rust-runtime/` (from repo root):
cargo test --manifest-path=aws/rust-runtime/Cargo.toml
# Run clippy for `aws/rust-runtime/` (from repo root):
cargo clippy --manifest-path=aws/rust-runtime/Cargo.toml

# Or
cd aws/rust-runtime
cargo test
cargo clippy

Some runtime crates have a additional-ci script that can also be run. These scripts often require cargo-hack and cargo-udeps to be installed.

Testing Client/Server Codegen

To test the code generation, the following can be used:

# Run Kotlin codegen unit tests
./gradlew codegen-core:check
./gradlew codegen-client:check
./gradlew codegen-server:check
# Run client codegen tests
./gradlew codegen-client-test:check
# Run server codegen tests
./gradlew codegen-server-test:check

Several Kotlin unit tests generate Rust projects and compile them. When these fail, they typically output links to the location of the generated code so that it can be inspected.

To look at generated code when the codegen tests fail, check these paths depending on the test suite that's failing:

For codegen-client-test: codegen-client-test/build/smithyprojections/codegen-client-test
For codegen-server-test: codegen-server-test/build/smithyprojections/codegen-server-test

Testing SDK Codegen

See the readme in aws/sdk/ for more information about these targets as they can be configured to generate more or less AWS service clients.

# Run Kotlin codegen unit tests
./gradlew aws:sdk-codegen:check
# Generate an SDK, but do not attempt to compile / run tests. Useful for inspecting generated code
./gradlew :aws:sdk:assemble
# Run all the tests
./gradlew :aws:sdk:test
# Validate that the generated code compiles
./gradlew :aws:sdk:cargoCheck
# Validate that the generated code passes Clippy
./gradlew :aws:sdk:cargoClippy
# Validate the generated docs
./gradlew :aws:sdk:cargoDoc

The generated SDK will be placed in aws/sdk/build/aws-sdk.