AWS SDK

rev. 42760a7f8eccf3504ac5f02e474dd9d79c922cfb

Files changed:

tmp-codegen-diff/aws-sdk/sdk/aws-credential-types/src/credential_feature.rs

@@ -22,22 +56,58 @@

     /// An operation called using credentials resolved from STS using assume role with SAML
     CredentialsStsAssumeRoleSaml,
     /// An operation called using credentials resolved from STS using assume role with web identity
     CredentialsStsAssumeRoleWebId,
     /// An operation called using credentials resolved from STS using a federation token
     CredentialsStsFederationToken,
     /// An operation called using credentials resolved from STS using a session token
     CredentialsStsSessionToken,
     /// An operation called using credentials resolved from a config file(s) profile with static credentials
     CredentialsProfile,
     /// An operation called using credentials resolved from a source profile in a config file(s) profile
     CredentialsProfileSourceProfile,
     /// An operation called using credentials resolved from a named provider in a config file(s) profile
     CredentialsProfileNamedProvider,
     /// An operation called using credentials resolved from configuration for assuming a role with STS using web identity token in a config file(s) profile
     CredentialsProfileStsWebIdToken,
     /// An operation called using credentials resolved from an SSO session in a config file(s) profile
     CredentialsProfileSso,
     /// An operation called using credentials resolved from an SSO session
     CredentialsSso,

     /// An operation called using credentials resolved from a process in a config file(s) profile
     CredentialsProfileProcess,
     /// An operation called using credentials resolved from a process
     CredentialsProcess,
     /// An operation called using credentials resolved from an HTTP endpoint
     CredentialsHttp,
     /// An operation called using credentials resolved from the instance metadata service (IMDS)
     CredentialsImds,
     /// An operation called using a Bearer token resolved from service-specific environment variables
     BearerServiceEnvVars,
     /// An operation called using S3 Express bucket credentials
     S3ExpressBucket,
-54
+}
-55
 impl Storable for AwsCredentialFeature {
     type Storer = StoreAppend<Self>;
-58
+}

tmp-codegen-diff/aws-sdk/sdk/aws-runtime/src/user_agent/metrics.rs

@@ -231,231 +290,291 @@

↥ Expand context

         use AwsCredentialFeature::*;
         match self {
             ResolvedAccountId => Some(BusinessMetric::ResolvedAccountId),
             CredentialsCode => Some(BusinessMetric::CredentialsCode),
             CredentialsEnvVars => Some(BusinessMetric::CredentialsEnvVars),
             CredentialsEnvVarsStsWebIdToken => {
                 Some(BusinessMetric::CredentialsEnvVarsStsWebIdToken)
-238
+            }
             CredentialsStsAssumeRole => Some(BusinessMetric::CredentialsStsAssumeRole),
             CredentialsStsAssumeRoleSaml => Some(BusinessMetric::CredentialsStsAssumeRoleSaml),
             CredentialsStsAssumeRoleWebId => Some(BusinessMetric::CredentialsStsAssumeRoleWebId),
             CredentialsStsFederationToken => Some(BusinessMetric::CredentialsStsFederationToken),
             CredentialsStsSessionToken => Some(BusinessMetric::CredentialsStsSessionToken),
             CredentialsProfile => Some(BusinessMetric::CredentialsProfile),
             CredentialsProfileSourceProfile => {
                 Some(BusinessMetric::CredentialsProfileSourceProfile)
-247
+            }
             CredentialsProfileNamedProvider => {
                 Some(BusinessMetric::CredentialsProfileNamedProvider)
-250
+            }

             CredentialsProfileStsWebIdToken => {
                 Some(BusinessMetric::CredentialsProfileStsWebIdToken)
-253
+            }
             CredentialsProfileSso => Some(BusinessMetric::CredentialsProfileSso),
             CredentialsSso => Some(BusinessMetric::CredentialsSso),
             CredentialsProfileProcess => Some(BusinessMetric::CredentialsProfileProcess),
             CredentialsProcess => Some(BusinessMetric::CredentialsProcess),
             CredentialsHttp => Some(BusinessMetric::CredentialsHttp),
             CredentialsImds => Some(BusinessMetric::CredentialsImds),
             BearerServiceEnvVars => Some(BusinessMetric::BearerServiceEnvVars),
             S3ExpressBucket => Some(BusinessMetric::S3ExpressBucket),
             otherwise => {
                 // This may occur if a customer upgrades only the `aws-smithy-runtime-api` crate
                 // while continuing to use an outdated version of an SDK crate or the `aws-credential-types`
                 // crate.
                 tracing::warn!(
                     "Attempted to provide `BusinessMetric` for `{otherwise:?}`, which is not recognized in the current version of the `aws-runtime` crate. \
                     Consider upgrading to the latest version to ensure that all tracked features are properly reported in your metrics."
                 );
                 None
-271
+            }

↧ Expand context

-272
+        }
-273
+    }
-274
+}
-275
 #[derive(Clone, Debug, Default)]
 pub(super) struct BusinessMetrics(Vec<BusinessMetric>);
-278
 impl BusinessMetrics {
     pub(super) fn push(&mut self, metric: BusinessMetric) {
         self.0.push(metric);
-282
+    }
-283
     pub(super) fn is_empty(&self) -> bool {
         self.0.is_empty()
-286
+    }
-287
+}
-288
 fn drop_unfinished_metrics_to_fit(csv: &str, max_len: usize) -> Cow<'_, str> {
     if csv.len() <= max_len {
         Cow::Borrowed(csv)

tmp-codegen-diff/aws-sdk/sdk/s3/src/s3_express.rs

@@ -347,347 +467,470 @@

↥ Expand context

             expect_identity(2000, &sut, key2, || {
                 let identity_resolver = identity_resolver.clone();
                 let runtime_components = runtime_components.clone();
                 async move { load(identity_resolver, &runtime_components).await }
             })
             .await;
-353
             // This should pupulate a cache entry for `key3`, but evicting a cache entry for `key1` because the cache is full.
             expect_identity(3000, &sut, key3.clone(), || {
                 let identity_resolver = identity_resolver.clone();
                 let runtime_components = runtime_components.clone();
                 async move { load(identity_resolver, &runtime_components).await }
             })
             .await;
-361
             // Attempt to get an identity for `key1` should end up fetching a new one since its cache entry has been evicted.
             // This fetch should now evict a cache entry for `key2`.
             expect_identity(4000, &sut, key1, || async move { load(identity_resolver, &runtime_components).await }).await;
-365
             // A cache entry for `key3` should still exist in the cache.

             expect_identity(3000, &sut, key3, || async move { panic!("new identity should not be loaded") }).await;
-368
+        }
-369
+    }
-370
+}
 /// Supporting code for S3 Express identity provider
 pub(crate) mod identity_provider {
     use std::time::{Duration, SystemTime};
-374
     use crate::s3_express::identity_cache::S3ExpressIdentityCache;
     use crate::types::SessionCredentials;
     use aws_credential_types::credential_feature::AwsCredentialFeature;
     use aws_credential_types::provider::error::CredentialsError;
     use aws_credential_types::Credentials;
     use aws_smithy_async::time::{SharedTimeSource, TimeSource};
     use aws_smithy_runtime_api::box_error::BoxError;
     use aws_smithy_runtime_api::client::endpoint::EndpointResolverParams;
     use aws_smithy_runtime_api::client::identity::{Identity, IdentityCacheLocation, IdentityFuture, ResolveCachedIdentity, ResolveIdentity};
     use aws_smithy_runtime_api::client::interceptors::SharedInterceptor;
     use aws_smithy_runtime_api::client::runtime_components::{GetIdentityResolver, RuntimeComponents};
     use aws_smithy_runtime_api::shared::IntoShared;
     use aws_smithy_types::config_bag::ConfigBag;
-388
     use super::identity_cache::{DEFAULT_BUFFER_TIME, DEFAULT_MAX_CACHE_CAPACITY};
-390
     #[derive(Debug)]
     pub(crate) struct DefaultS3ExpressIdentityProvider {
         behavior_version: crate::config::BehaviorVersion,
         cache: S3ExpressIdentityCache,
-395
+    }
-396
     impl TryFrom<SessionCredentials> for Credentials {
         type Error = BoxError;
-399
         fn try_from(session_creds: SessionCredentials) -> Result<Self, Self::Error> {
             Ok(Credentials::new(
                 session_creds.access_key_id,
                 session_creds.secret_access_key,
                 Some(session_creds.session_token),
                 Some(
                     SystemTime::try_from(session_creds.expiration)
                         .map_err(|_| CredentialsError::unhandled("credential expiration time cannot be represented by a SystemTime"))?,
                 ),
                 "s3express",
             ))
-411
+        }
-412
+    }
-413
     impl DefaultS3ExpressIdentityProvider {
         pub(crate) fn builder() -> Builder {
             Builder::default()
-417
+        }
-418
         async fn identity<'a>(&'a self, runtime_components: &'a RuntimeComponents, config_bag: &'a ConfigBag) -> Result<Identity, BoxError> {
             let bucket_name = self.bucket_name(config_bag)?;
-421
             let sigv4_identity_resolver = runtime_components
                 .identity_resolver(aws_runtime::auth::sigv4::SCHEME_ID)
                 .ok_or("identity resolver for sigv4 should be set for S3")?;
             let aws_identity = runtime_components
                 .identity_cache()
                 .resolve_cached_identity(sigv4_identity_resolver, runtime_components, config_bag)
                 .await?;
-429
             let credentials = aws_identity
                 .data::<Credentials>()
                 .ok_or("wrong identity type for SigV4. Expected AWS credentials but got `{identity:?}")?;
-433
             let key = self.cache.key(bucket_name, credentials);
             self.cache
                 .get_or_load(key, || async move {
                     let creds = self.express_session_credentials(bucket_name, runtime_components, config_bag).await?;
                     let data = Credentials::try_from(creds)?;
                     let mut data = Credentials::try_from(creds)?;
                     data.get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
                         .push(AwsCredentialFeature::S3ExpressBucket);
                     Ok((Identity::new(data.clone(), data.expiry()), data.expiry().unwrap()))
                 })
                 .await
-444
+        }
-445
         fn bucket_name<'a>(&'a self, config_bag: &'a ConfigBag) -> Result<&'a str, BoxError> {
             let params = config_bag.load::<EndpointResolverParams>().expect("endpoint resolver params must be set");
             let params = params
                 .get::<crate::config::endpoint::Params>()
                 .expect("`Params` should be wrapped in `EndpointResolverParams`");

↧ Expand context

             params.bucket().ok_or("A bucket was not set in endpoint params".into())
-452
+        }
-453
         async fn express_session_credentials<'a>(
             &'a self,
             bucket_name: &'a str,
             runtime_components: &'a RuntimeComponents,
             config_bag: &'a ConfigBag,
         ) -> Result<SessionCredentials, BoxError> {
             let mut config_builder = crate::config::Builder::from_config_bag(config_bag).behavior_version(self.behavior_version);
-461
             // inherits all runtime components from a current S3 operation but clears out
             // out interceptors configured for that operation
             let mut rc_builder = runtime_components.to_builder();
             rc_builder.set_interceptors(std::iter::empty::<SharedInterceptor>());
             config_builder.runtime_components = rc_builder;
-467
             let client = crate::Client::from_conf(config_builder.build());
             let response = client.create_session().bucket(bucket_name).send().await?;
-470

@@ -497,500 +556,616 @@

↥ Expand context

         pub(crate) fn buffer_time(mut self, buffer_time: Duration) -> Self {
             self.set_buffer_time(Some(buffer_time));
             self
-503
+        }
         #[allow(dead_code)]
         pub(crate) fn set_buffer_time(&mut self, buffer_time: Option<Duration>) -> &mut Self {
             self.buffer_time = buffer_time;
             self
-508
+        }
         pub(crate) fn build(self) -> DefaultS3ExpressIdentityProvider {
             DefaultS3ExpressIdentityProvider {
                 behavior_version: self.behavior_version.expect("required field `behavior_version` should be set"),
                 cache: S3ExpressIdentityCache::new(
                     DEFAULT_MAX_CACHE_CAPACITY,
                     self.time_source.unwrap_or_default(),
                     self.buffer_time.unwrap_or(DEFAULT_BUFFER_TIME),
                 ),
-517
+            }
-518
+        }
-519
+    }

-520
     impl ResolveIdentity for DefaultS3ExpressIdentityProvider {
         fn resolve_identity<'a>(&'a self, runtime_components: &'a RuntimeComponents, config_bag: &'a ConfigBag) -> IdentityFuture<'a> {
             IdentityFuture::new(async move { self.identity(runtime_components, config_bag).await })
-524
+        }
-525
         fn cache_location(&self) -> IdentityCacheLocation {
             IdentityCacheLocation::IdentityResolver
-528
+        }
-529
+    }
-+
     #[cfg(test)]
     mod tests {
         use super::*;
         use aws_credential_types::credential_feature::AwsCredentialFeature;
         use aws_credential_types::Credentials;
-+
         #[test]
         fn test_s3express_identity_contains_feature() {
             // Verify SessionCredentials conversion to Credentials embeds S3ExpressBucket feature
             let session_creds = SessionCredentials::builder()
                 .access_key_id("test_access_key")
                 .secret_access_key("test_secret_key")
                 .session_token("test_session_token")
                 .expiration(aws_smithy_types::DateTime::from_secs(1000))
                 .build()
                 .expect("valid session credentials");
-+
             let mut credentials = Credentials::try_from(session_creds).expect("conversion should succeed");
-+
             // Embed the feature as done in the identity() method
             credentials
                 .get_property_mut_or_default::<Vec<AwsCredentialFeature>>()
                 .push(AwsCredentialFeature::S3ExpressBucket);
-+
             // Verify the feature is present in credentials
             let features = credentials
                 .get_property::<Vec<AwsCredentialFeature>>()
                 .expect("features should be present");
             assert!(
                 features.contains(&AwsCredentialFeature::S3ExpressBucket),
                 "S3ExpressBucket feature should be embedded in credentials"
             );
-+
             // The feature is successfully embedded in credentials
             // When converted to Identity, the credentials (with features) are preserved
             // This is sufficient to verify the feature tracking mechanism works
-+
+        }
-+
         #[test]
         fn test_session_credentials_conversion() {
             // Verify SessionCredentials can be converted to Credentials
             let session_creds = SessionCredentials::builder()
                 .access_key_id("test_access_key")
                 .secret_access_key("test_secret_key")
                 .session_token("test_session_token")
                 .expiration(aws_smithy_types::DateTime::from_secs(1000))
                 .build()
                 .expect("valid session credentials");
-+
             let credentials = Credentials::try_from(session_creds).expect("conversion should succeed");
-+
             assert_eq!(credentials.access_key_id(), "test_access_key");
             assert_eq!(credentials.secret_access_key(), "test_secret_key");
             assert_eq!(credentials.session_token(), Some("test_session_token"));
-+
+        }
-+
+    }
-587
+}
-588
 /// Supporting code for S3 Express runtime plugin
 pub(crate) mod runtime_plugin {
     use std::borrow::Cow;
-592
     use aws_runtime::auth::SigV4SessionTokenNameOverride;
     use aws_sigv4::http_request::{SignatureLocation, SigningSettings};
     use aws_smithy_runtime_api::{
         box_error::BoxError,

↧ Expand context

         client::{runtime_components::RuntimeComponentsBuilder, runtime_plugin::RuntimePlugin},
     };
     use aws_smithy_types::config_bag::{ConfigBag, FrozenLayer, Layer};
     use aws_types::os_shim_internal::Env;
-601
     mod env {
         pub(super) const S3_DISABLE_EXPRESS_SESSION_AUTH: &str = "AWS_S3_DISABLE_EXPRESS_SESSION_AUTH";
-604
+    }
-605
     #[derive(Debug)]
     pub(crate) struct S3ExpressRuntimePlugin {
         config: FrozenLayer,
         runtime_components_builder: RuntimeComponentsBuilder,
-610
+    }
-611
     impl S3ExpressRuntimePlugin {
         // `new` will be called as `additional_client_plugins` within `base_client_runtime_plugins`.
         // This guarantees that `new` receives a fully constructed service config, with required
         // runtime components registered with `RuntimeComponents`.
         pub(crate) fn new(service_config: crate::config::Config) -> Self {

tmp-codegen-diff/aws-sdk/sdk/s3/tests/express.rs

@@ -1,1 +86,93 @@

 /*
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0
  */
-5
 use std::time::{Duration, SystemTime};
-7
 use aws_config::timeout::TimeoutConfig;
 use aws_config::Region;
 use aws_runtime::user_agent::test_util::{
     assert_ua_contains_metric_values, assert_ua_does_not_contain_metric_values,
 };
 use aws_sdk_s3::config::endpoint::{EndpointFuture, Params, ResolveEndpoint};
 use aws_sdk_s3::config::{Builder, Credentials};
 use aws_sdk_s3::presigning::PresigningConfig;
 use aws_sdk_s3::primitives::SdkBody;
 use aws_sdk_s3::types::ChecksumAlgorithm;
 use aws_sdk_s3::{Client, Config};
 use aws_smithy_http_client::test_util::dvr::ReplayingClient;
 use aws_smithy_http_client::test_util::{capture_request, ReplayEvent, StaticReplayClient};
 use aws_smithy_runtime::test_util::capture_test_logs::capture_test_logs;
 use aws_smithy_types::endpoint::Endpoint;
 use http_1x::Uri;
-24
 async fn test_client<F>(update_builder: F) -> Client
 where
     F: Fn(Builder) -> Builder,
-28
+{
     let sdk_config = aws_config::from_env().region("us-west-2").load().await;
     let config = Config::from(&sdk_config).to_builder().with_test_defaults();
     aws_sdk_s3::Client::from_conf(update_builder(config).build())
-32
+}
-33
 #[tokio::test]
 async fn create_session_request_should_not_include_x_amz_s3session_token() {
     let (http_client, request) = capture_request(None);
     // There was a bug where a regular SigV4 session token was overwritten by an express session token
     // even for CreateSession API request.
     // To exercise that code path, it is important to include credentials with a session token below.
     let conf = Config::builder()
         .http_client(http_client)
         .region(Region::new("us-west-2"))
         .credentials_provider(::aws_credential_types::Credentials::for_tests_with_session_token())
         .build();
     let client = Client::from_conf(conf);
-46
     let _ = client
         .list_objects_v2()
         .bucket("s3express-test-bucket--usw2-az1--x-s3")
         .send()
         .await;
-52
     let req = request.expect_request();
     assert!(
         req.headers().get("x-amz-create-session-mode").is_none(),
         "`x-amz-create-session-mode` should not appear in headers of the first request when an express bucket is specified"
     );
     assert!(req.headers().get("x-amz-security-token").is_some());
     assert!(req.headers().get("x-amz-s3session-token").is_none());
-+
     // Verify that the User-Agent contains the S3ExpressBucket metric "J"
     let user_agent = req.headers().get("x-amz-user-agent").unwrap();
     assert_ua_contains_metric_values(user_agent, &["J"]);
-64
+}
-65
 #[tokio::test]
 async fn mixed_auths() {
     let _logs = capture_test_logs();
-69
     let http_client = ReplayingClient::from_file("tests/data/express/mixed-auths.json").unwrap();
     let client = test_client(|b| b.http_client(http_client.clone())).await;
-72
     // A call to an S3 Express bucket where we should see two request/response pairs,

↧ Expand context

     // one for the `create_session` API and the other for `list_objects_v2` in S3 Express bucket.
     let result = client
         .list_objects_v2()
         .bucket("s3express-test-bucket--usw2-az1--x-s3")
         .send()
         .await;
     dbg!(result).expect("success");
-81
     // A call to a regular bucket, and request headers should not contain `x-amz-s3session-token`.
     let result = client
         .list_objects_v2()
         .bucket("regular-test-bucket")
         .send()
         .await;
     dbg!(result).expect("success");
-89
     // A call to another S3 Express bucket where we should again see two request/response pairs,
     // one for the `create_session` API and the other for `list_objects_v2` in S3 Express bucket.
     let result = client
         .list_objects_v2()

@@ -305,312 +364,375 @@

↥ Expand context

         .map(|checksum| format!("amz-checksum-{}", checksum.to_lowercase()))
         .chain(std::iter::once("content-md5".to_string()));
-314
     assert!(!all_checksums.any(|checksum| http_client
         .actual_requests()
         .any(|req| req.headers().iter().any(|(key, _)| key == checksum))));
-318
+}
-319
 #[tokio::test]
 async fn disable_s3_express_session_auth_at_service_client_level() {
     let (http_client, request) = capture_request(None);
     let conf = Config::builder()
         .http_client(http_client)
         .region(Region::new("us-west-2"))
         .with_test_defaults()
         .disable_s3_express_session_auth(true)
         .build();
     let client = Client::from_conf(conf);
-330
     let _ = client

         .list_objects_v2()
         .bucket("s3express-test-bucket--usw2-az1--x-s3")
         .send()
         .await;
-336
     let req = request.expect_request();
     assert!(
         req.headers().get("x-amz-create-session-mode").is_none(),
         "x-amz-create-session-mode should not appear in headers when S3 Express session auth is disabled"
     );
-+
     // Verify that the User-Agent does NOT contain the S3ExpressBucket metric "J" when session auth is disabled
     let user_agent = req.headers().get("x-amz-user-agent").unwrap();
     assert_ua_does_not_contain_metric_values(user_agent, &["J"]);
-346
+}
-347
 #[tokio::test]
 async fn disable_s3_express_session_auth_at_operation_level() {
     let (http_client, request) = capture_request(None);
     let conf = Config::builder()
         .http_client(http_client)
         .region(Region::new("us-west-2"))
         .with_test_defaults()
         .build();

↧ Expand context

     let client = Client::from_conf(conf);
-357
     let _ = client
         .list_objects_v2()
         .bucket("s3express-test-bucket--usw2-az1--x-s3")
         .customize()
         .config_override(Config::builder().disable_s3_express_session_auth(true))
         .send()
         .await;
-365
     let req = request.expect_request();
     assert!(
         req.headers().get("x-amz-create-session-mode").is_none(),
         "x-amz-create-session-mode should not appear in headers when S3 Express session auth is disabled"
     );
-371
+}
-372
 #[tokio::test]
 async fn support_customer_overriding_express_credentials_provider() {
     let expected_session_token = "testsessiontoken";

@@ -391,402 +450,465 @@

↥ Expand context

     let _ = client
         .list_objects_v2()
         .bucket("s3express-test-bucket--usw2-az1--x-s3")
         .send()
         .await;
-407
     let req = rx.expect_request();
     let actual_session_token = req
         .headers()
         .get("x-amz-s3session-token")
         .expect("x-amz-s3session-token should be present");
     assert_eq!(expected_session_token, actual_session_token);
     assert!(req.headers().get("x-amz-security-token").is_none());
-415
     // With a regular S3 bucket, test `x-amz-security-token` should be present with `expected_session_token`,
     // instead of `x-amz-s3session-token`.
     let (client, rx) = client_overriding_express_credentials_provider().await;
     let _ = client
         .list_objects_v2()
         .bucket("regular-test-bucket")

         .send()
         .await;
-424
     let req = rx.expect_request();
     let actual_session_token = req
         .headers()
         .get("x-amz-security-token")
         .expect("x-amz-security-token should be present");
     assert_eq!(expected_session_token, actual_session_token);
     assert!(req.headers().get("x-amz-s3session-token").is_none());
-+
     // Verify that the User-Agent does NOT contain the S3ExpressBucket metric "J" for regular buckets
     let user_agent = req.headers().get("x-amz-user-agent").unwrap();
     assert_ua_does_not_contain_metric_values(user_agent, &["J"]);
-436
+}
-437
 #[tokio::test]
 async fn s3_express_auth_flow_should_not_be_reached_with_no_auth_schemes() {
     #[derive(Debug)]
     struct TestResolver {
         url: String,
-443
+    }
     impl ResolveEndpoint for TestResolver {
         fn resolve_endpoint(&self, _params: &Params) -> EndpointFuture<'_> {

↧ Expand context

             EndpointFuture::ready(Ok(Endpoint::builder().url(self.url.clone()).build()))
-447
+        }
-448
+    }
-449
     let (http_client, request) = capture_request(None);
     let conf = Config::builder()
         .http_client(http_client)
         .region(Region::new("us-west-2"))
         .endpoint_resolver(TestResolver {
             url: "http://127.0.0.1".to_owned(),
         })
         .with_test_defaults()
         .timeout_config(
             TimeoutConfig::builder()
                 .operation_attempt_timeout(Duration::from_secs(1))
                 .build(),
-462
+        )
         .build();
     let client = Client::from_conf(conf);
-465

Pages: 1