Add Endpoint Params to AuthSchemeParams for MultiAuth Scheme Resolution #5797
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…n Multi Auth trait
…rename enableEndpointAuthSchemeParams as endpointBasedAuthSchemeParamsLegacy to avoid confusion
…sLegacy since Internal customers are using this customization
joviegas
changed the title
Fred1155
reviewed
Jan 15, 2025
| @@ -147,6 +149,25 @@ public boolean includeParamForProvider(String name) { | |||
| return true; | |||
| } | |||
|
|
|||
| // New Multi Auth determined by "auth" triat on Service model or operation model. | |||
| @@ -60,7 +60,7 @@ public TypeSpec poetSpec() { | |||
| .addMethod(builderMethod()) | |||
| .addType(builderImplSpec()); | |||
|
|
|||
| if (authSchemeSpecUtils.useEndpointBasedAuthProvider()) { | |||
| if (authSchemeSpecUtils.useEndpointBasedAuthProvider() || authSchemeSpecUtils.hasMultiAuthSigvOrSigv4a()) { | |||
There was a problem hiding this comment.
why this can't be replaced by authSchemeSpecUtils.useEndpointParamsInAuthScheme() like below? authSchemeSpecUtils.useEndpointBasedAuthProvider() returns generateEndpointBasedParams(), which is included in useEndpointParamsInAuthScheme()
joviegas
force-pushed
the
joviegas/autheme_params_spec
branch
from
9d3e545 to
3ee618d
Compare
…rom Endpoint Params
joviegas
commented
Jan 18, 2025
| if (authSchemeSpecUtils.usesSigV4()) { | ||
| builder.addStatement("$T region = executionAttributes.getAttribute($T.AWS_REGION)", Region.class, | ||
| AwsExecutionAttribute.class); | ||
| builder.addStatement("builder.region(region)"); | ||
| builder.addStatement("return $T.builder()" |
There was a problem hiding this comment.
Reverted this fix back to master , since these changes were not required as we are using same code as EndpointBased params
|
|
Closing the PR since we do not need this . |
|
Closing the PR since we do not need this . |
|
Workaround to skip default checksum calculations for operations that don't require them while ensuring MD5 checksums are added for operations that do require them. 1. Skip Default Checksum Calculation for operation which donot require checksumChoose one of these options: Option A: Add to AWS profile configurationOr Option B: Set system propertyimport software.amazon.awssdk.core.SdkSystemSetting;
import software.amazon.awssdk.services.s3.S3Client;
public class DemoClass {
public static void main(String[] args) {
System.setProperty(SdkSystemSetting.AWS_REQUEST_CHECKSUM_CALCULATION.property(), "WHEN_REQUIRED");
S3Client s3Client = S3Client.builder()
.build();
s3Client.listBuckets();
}Adding MD5 checksum for operations which require checksum calculationStep 1: Add Interceptor class as belowmport java.io.IOException;
import java.io.UncheckedIOException;
import java.util.Optional;
import software.amazon.awssdk.core.async.AsyncRequestBody;
import software.amazon.awssdk.core.interceptor.Context;
import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
import software.amazon.awssdk.core.internal.util.HttpChecksumUtils;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.http.Header;
import software.amazon.awssdk.http.SdkHttpRequest;
import software.amazon.awssdk.utils.Md5Utils;
public class Md5RequiredOperationInterceptor implements ExecutionInterceptor {
@Override
public SdkHttpRequest modifyHttpRequest(Context.ModifyHttpRequest context, ExecutionAttributes executionAttributes) {
boolean isHttpChecksumRequired = isHttpChecksumRequired(executionAttributes);
boolean requestAlreadyHasMd5 = context.httpRequest().firstMatchingHeader(Header.CONTENT_MD5).isPresent();
Optional<RequestBody> syncContent = context.requestBody();
Optional<AsyncRequestBody> asyncContent = context.asyncRequestBody();
if (!isHttpChecksumRequired || requestAlreadyHasMd5) {
return context.httpRequest();
}
if (asyncContent.isPresent()) {
throw new IllegalArgumentException("This operation requires a content-MD5 checksum, " +
"but one cannot be calculated for non-blocking content.");
}
if (syncContent.isPresent()) {
try {
String payloadMd5 = Md5Utils.md5AsBase64(syncContent.get().contentStreamProvider().newStream());
return context.httpRequest().copy(r -> r.putHeader(Header.CONTENT_MD5, payloadMd5));
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
return context.httpRequest();
}
private boolean isHttpChecksumRequired(ExecutionAttributes executionAttributes) {
return executionAttributes.getAttribute(SdkInternalExecutionAttribute.HTTP_CHECKSUM_REQUIRED) != null
|| HttpChecksumUtils.isMd5ChecksumRequired(executionAttributes);
}
}Step 2: Use this interceptor in the client builder as belowimport software.amazon.awssdk.services.s3.S3Client;
public class DemoChecksumRollback {
public static void main(String[] args) {
Md5RequiredOperationInterceptor md5RequiredOperationInterceptor =
new Md5RequiredOperationInterceptor();
S3Client s3Client = S3Client.builder()
.overrideConfiguration(override ->
override.addExecutionInterceptor(md5RequiredOperationInterceptor))
.build();
s3Client.listBuckets();
}
}3. Doing Both: skipping Checksum for operations that do not require checksum and adding MD5 checksum for operations that require checksumimport software.amazon.awssdk.services.s3.S3Client;
public class DemoChecksumRollback {
public static void main(String[] args) {
System.setProperty(SdkSystemSetting.AWS_REQUEST_CHECKSUM_CALCULATION.property(), "WHEN_REQUIRED");
// Md5RequiredOperationInterceptor is same as class defined in above section
Md5RequiredOperationInterceptor md5RequiredOperationInterceptor =
new Md5RequiredOperationInterceptor();
S3Client s3Client = S3Client.builder()
.overrideConfiguration(override ->
override.addExecutionInterceptor(md5RequiredOperationInterceptor))
.build();
s3Client.listBuckets();
}
}Note: The above workarounds will not prevent adding Default checksums for operations which require checksum like DeleteObjects etc. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation and Context
MultiAuth Scheme resolution requires knowledge of the Endpoint.
This is because Endpoint-based Auth Scheme properties need to be set on the resolved Auth Scheme.
Similar to S3/EndpointBasedAuthParams, we need to copy all EndpointParams to the AuthSchemeParams.
Also these paramaters should be populated from Endpoint Params in Auth Scheme Interceptor
Modifications
Testing
Screenshots (if appropriate)
License