Adding functionality to config preferred authschemeProvider (#6083)

* Adding functionality to config preferred authschemeProvider

* adding test coverage

* fix formatting checkstyle

* Added changelog

* Adding test coverage

* Use SdkSystemSetting for both env and system

* Add profiles to service pom

* Fix test

* Fix protocol test dependencies

* Remove dependency on profiles (use option get in generated code instead)

* Fix checkstyle

* Move AuthSchemePreferenceProvider out of internal module

* More checkstyle fixes

* Fixing comments, adding fixture file, renaming provider to resolver, adding coverage

* Remove unused import

* Add codegen test for preferred auth scheme provider

* Check for empty string

* Add more documentation

* Revert "Add codegen test for preferred auth scheme provider"

This reverts commit 141b9d6.

* Replace authprovider builder with overridden defaultProvider method

* Update core/aws-core/src/main/java/software/amazon/awssdk/awscore/auth/AuthSchemePreferenceResolver.java

Co-authored-by: Olivier L Applin <olapplin@amazon.com>

* Update core/aws-core/src/main/java/software/amazon/awssdk/awscore/auth/AuthSchemePreferenceResolver.java

Co-authored-by: Olivier L Applin <olapplin@amazon.com>

* Fix import from suggested changes

* move test to aws-core module

---------

Co-authored-by: Ran Vaknin <RanVaknin@users.noreply.github.com>
Co-authored-by: Alex Woods <alexwoo@amazon.com>
Co-authored-by: Olivier L Applin <olapplin@amazon.com>

Author: 3 people

.changes/next-release/feature-AWSSDKforJavav2-8e1c19d.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "AWS SDK for Java v2",
+    "contributor": "",
+    "description": "Added ability to configure preferred authentication schemes when multiple auth options are available."
+}

codegen/src/main/java/software/amazon/awssdk/codegen/emitters/tasks/AuthSchemeGeneratorTasks.java

@@ -28,6 +28,7 @@
 import software.amazon.awssdk.codegen.poet.auth.scheme.EndpointAwareAuthSchemeParamsSpec;
 import software.amazon.awssdk.codegen.poet.auth.scheme.EndpointBasedAuthSchemeProviderSpec;
 import software.amazon.awssdk.codegen.poet.auth.scheme.ModelBasedAuthSchemeProviderSpec;
+import software.amazon.awssdk.codegen.poet.auth.scheme.PreferredAuthSchemeProviderSpec;
 
 public final class AuthSchemeGeneratorTasks extends BaseGeneratorTasks {
     private final GeneratorTaskParams generatorTaskParams;
@@ -45,6 +46,7 @@ protected List<GeneratorTask> createTasks() {
         tasks.add(generateProviderInterface());
         tasks.add(generateDefaultParamsImpl());
         tasks.add(generateModelBasedProvider());
+        tasks.add(generatePreferenceProvider());
         tasks.add(generateAuthSchemeInterceptor());
         if (authSchemeSpecUtils.useEndpointBasedAuthProvider()) {
             tasks.add(generateEndpointBasedProvider());
@@ -69,6 +71,10 @@ private GeneratorTask generateModelBasedProvider() {
         return new PoetGeneratorTask(authSchemeInternalDir(), model.getFileHeader(), new ModelBasedAuthSchemeProviderSpec(model));
     }
 
+    private GeneratorTask generatePreferenceProvider() {
+        return new PoetGeneratorTask(authSchemeInternalDir(), model.getFileHeader(), new PreferredAuthSchemeProviderSpec(model));
+    }
+
     private GeneratorTask generateEndpointBasedProvider() {
         return new PoetGeneratorTask(authSchemeInternalDir(), model.getFileHeader(),
                                      new EndpointBasedAuthSchemeProviderSpec(model));

codegen/src/main/java/software/amazon/awssdk/codegen/poet/auth/scheme/AuthSchemeProviderSpec.java

@@ -21,6 +21,7 @@
 import com.squareup.javapoet.ParameterizedTypeName;
 import com.squareup.javapoet.TypeName;
 import com.squareup.javapoet.TypeSpec;
+import java.util.List;
 import java.util.function.Consumer;
 import javax.lang.model.element.Modifier;
 import software.amazon.awssdk.annotations.SdkPublicApi;
@@ -54,6 +55,7 @@ public TypeSpec poetSpec() {
                         .addMethod(resolveAuthSchemeMethod())
                         .addMethod(resolveAuthSchemeConsumerBuilderMethod())
                         .addMethod(defaultProviderMethod())
+                        .addMethod(defaultPreferredProviderMethod())
                         .build();
     }
 
@@ -93,6 +95,17 @@ private MethodSpec defaultProviderMethod() {
             .build();
     }
 
+    private MethodSpec defaultPreferredProviderMethod() {
+        return MethodSpec.methodBuilder("defaultProvider")
+                         .addModifiers(Modifier.PUBLIC, Modifier.STATIC)
+            .addParameter(ParameterizedTypeName.get(List.class, String.class), "authSchemePreference")
+                         .returns(className())
+                         .addJavadoc("Get the default auth scheme provider the preferred auth schemes in order of preference.")
+                         .addStatement("return new $T(defaultProvider(), authSchemePreference)",
+                                       authSchemeSpecUtils.preferredAuthSchemeProviderName())
+                         .build();
+    }
+
     private CodeBlock interfaceJavadoc() {
         CodeBlock.Builder b = CodeBlock.builder();
 
@@ -105,3 +118,4 @@ private CodeBlock interfaceJavadoc() {
         return b.build();
     }
 }
+

codegen/src/main/java/software/amazon/awssdk/codegen/poet/auth/scheme/AuthSchemeSpecUtils.java

@@ -97,6 +97,15 @@ public ClassName modeledAuthSchemeProviderName() {
         return ClassName.get(internalPackage(), "Modeled" + providerInterfaceName().simpleName());
     }
 
+    public ClassName preferredAuthSchemeProviderName() {
+        return ClassName.get(internalPackage(), "Preferred" + providerInterfaceName().simpleName());
+    }
+
+    public ClassName authSchemeProviderBuilderName() {
+        return ClassName.get(basePackage(),
+                             intermediateModel.getMetadata().getServiceName() + "AuthSchemeProviderBuilder");
+    }
+
     public ClassName authSchemeInterceptor() {
         return ClassName.get(internalPackage(), intermediateModel.getMetadata().getServiceName() + "AuthSchemeInterceptor");
     }

codegen/src/main/java/software/amazon/awssdk/codegen/poet/auth/scheme/PreferredAuthSchemeProviderSpec.java

@@ -0,0 +1,108 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.codegen.poet.auth.scheme;
+
+import com.squareup.javapoet.ClassName;
+import com.squareup.javapoet.MethodSpec;
+import com.squareup.javapoet.ParameterizedTypeName;
+import com.squareup.javapoet.TypeSpec;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import javax.lang.model.element.Modifier;
+import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.codegen.model.intermediate.IntermediateModel;
+import software.amazon.awssdk.codegen.poet.ClassSpec;
+import software.amazon.awssdk.codegen.poet.PoetUtils;
+import software.amazon.awssdk.utils.CollectionUtils;
+
+public class PreferredAuthSchemeProviderSpec implements ClassSpec {
+    private final AuthSchemeSpecUtils authSchemeSpecUtils;
+
+    public PreferredAuthSchemeProviderSpec(IntermediateModel intermediateModel) {
+        this.authSchemeSpecUtils = new AuthSchemeSpecUtils(intermediateModel);
+    }
+
+    @Override
+    public ClassName className() {
+        return authSchemeSpecUtils.preferredAuthSchemeProviderName();
+    }
+
+    @Override
+    public TypeSpec poetSpec() {
+        return PoetUtils.createClassBuilder(className())
+                        .addModifiers(Modifier.PUBLIC, Modifier.FINAL)
+                        .addAnnotation(SdkInternalApi.class)
+                        .addField(
+                            authSchemeSpecUtils.providerInterfaceName(), "delegate",
+                            Modifier.PRIVATE, Modifier.FINAL)
+                        .addField(
+                            ParameterizedTypeName.get(List.class, String.class), "authSchemePreference",
+                            Modifier.PRIVATE, Modifier.FINAL)
+                        .addSuperinterface(authSchemeSpecUtils.providerInterfaceName())
+                        .addMethod(constructor())
+                        .addMethod(resolveAuthSchemeMethod())
+                        .build();
+    }
+
+    private MethodSpec constructor() {
+        return MethodSpec
+            .constructorBuilder()
+            .addModifiers(Modifier.PUBLIC)
+            .addParameter(authSchemeSpecUtils.providerInterfaceName(), "delegate")
+            .addParameter(ParameterizedTypeName.get(List.class, String.class), "authSchemePreference")
+            .addStatement("this.delegate = delegate")
+            .addStatement("this.authSchemePreference = authSchemePreference != null ? authSchemePreference "
+                          + ": $T.emptyList()",
+                          Collections.class)
+            .build();
+    }
+
+    private MethodSpec resolveAuthSchemeMethod() {
+        MethodSpec.Builder b = MethodSpec.methodBuilder("resolveAuthScheme")
+                                         .addModifiers(Modifier.PUBLIC)
+                                         .addAnnotation(Override.class)
+                                         .returns(authSchemeSpecUtils.resolverReturnType())
+                                         .addParameter(authSchemeSpecUtils.parametersInterfaceName(), "params");
+        b.addJavadoc("Resolve the auth schemes based on the given set of parameters.");
+        b.addStatement("$T candidateAuthSchemes = delegate.resolveAuthScheme(params)",
+                       authSchemeSpecUtils.resolverReturnType());
+        b.beginControlFlow("if ($T.isNullOrEmpty(authSchemePreference))", CollectionUtils.class)
+            .addStatement("return candidateAuthSchemes")
+            .endControlFlow();
+
+        b.addStatement("$T authSchemes = new $T<>()", authSchemeSpecUtils.resolverReturnType(), ArrayList.class);
+
+        b.beginControlFlow("authSchemePreference.forEach(preferredSchemeId -> ");
+
+        b.beginControlFlow("candidateAuthSchemes.stream().filter(candidate -> ");
+        b.addStatement("String candidateSchemeName = candidate.schemeId().contains(\"#\") ? " +
+                       "candidate.schemeId().split(\"#\")[1] : candidate.schemeId()");
+        b.addStatement("return candidateSchemeName.equals(preferredSchemeId)");
+        b.endControlFlow(").findFirst().ifPresent(authSchemes::add)");
+        b.endControlFlow(")");
+
+        b.beginControlFlow("candidateAuthSchemes.forEach(candidate -> ")
+            .beginControlFlow("if (!authSchemes.contains(candidate))")
+            .addStatement("authSchemes.add(candidate)")
+            .endControlFlow()
+            .endControlFlow(")");
+
+        b.addStatement("return authSchemes");
+        return b.build();
+    }
+
+}

codegen/src/main/java/software/amazon/awssdk/codegen/poet/builder/BaseClientBuilderClass.java

@@ -43,6 +43,7 @@
 import software.amazon.awssdk.auth.signer.Aws4Signer;
 import software.amazon.awssdk.auth.token.credentials.aws.DefaultAwsTokenProvider;
 import software.amazon.awssdk.auth.token.signer.aws.BearerTokenSigner;
+import software.amazon.awssdk.awscore.auth.AuthSchemePreferenceResolver;
 import software.amazon.awssdk.awscore.client.builder.AwsDefaultClientBuilder;
 import software.amazon.awssdk.awscore.client.config.AwsClientOption;
 import software.amazon.awssdk.awscore.endpoint.AwsClientEndpointProvider;
@@ -277,7 +278,7 @@ private MethodSpec mergeServiceDefaultsMethod() {
         builder.addCode(".option($T.ENDPOINT_PROVIDER, defaultEndpointProvider())", SdkClientOption.class);
 
         if (authSchemeSpecUtils.useSraAuth()) {
-            builder.addCode(".option($T.AUTH_SCHEME_PROVIDER, defaultAuthSchemeProvider())", SdkClientOption.class);
+            builder.addCode(".option($T.AUTH_SCHEME_PROVIDER, defaultAuthSchemeProvider(config))", SdkClientOption.class);
             builder.addCode(".option($T.AUTH_SCHEMES, authSchemes())", SdkClientOption.class);
         } else {
             if (defaultAwsAuthSignerMethod().isPresent()) {
@@ -442,7 +443,7 @@ private MethodSpec finalizeServiceConfigurationMethod() {
             // serviceConfigBuilder; the service configuration classes (e.g. S3Configuration) return primitive booleans that
             // have a default when not present.
             builder.addStatement("builder.option($T.DUALSTACK_ENDPOINT_ENABLED, serviceConfigBuilder.dualstackEnabled())",
-                            AwsClientOption.class);
+                                 AwsClientOption.class);
         }
 
         if (model.getCustomizationConfig().getServiceConfig().hasFipsProperty()) {
@@ -452,14 +453,14 @@ private MethodSpec finalizeServiceConfigurationMethod() {
 
         if (model.getEndpointOperation().isPresent()) {
             builder.addStatement("builder.option($T.ENDPOINT_DISCOVERY_ENABLED, endpointDiscoveryEnabled)\n",
-                            SdkClientOption.class);
+                                 SdkClientOption.class);
         }
 
 
         if (StringUtils.isNotBlank(model.getCustomizationConfig().getCustomRetryStrategy())) {
             builder.addStatement("builder.option($1T.RETRY_STRATEGY, $2T.resolveRetryStrategy(config))",
-                            SdkClientOption.class,
-                            PoetUtils.classNameFromFqcn(model.getCustomizationConfig().getCustomRetryStrategy()));
+                                 SdkClientOption.class,
+                                 PoetUtils.classNameFromFqcn(model.getCustomizationConfig().getCustomRetryStrategy()));
         }
 
         if (StringUtils.isNotBlank(model.getCustomizationConfig().getCustomRetryPolicy())) {
@@ -485,7 +486,7 @@ private MethodSpec finalizeServiceConfigurationMethod() {
 
         if (endpointParamsKnowledgeIndex.hasAccountIdEndpointModeBuiltIn()) {
             builder.addStatement("builder.option($T.$L, resolveAccountIdEndpointMode(config))",
-                            AwsClientOption.class, model.getNamingStrategy().getEnumValueName("accountIdEndpointMode"));
+                                 AwsClientOption.class, model.getNamingStrategy().getEnumValueName("accountIdEndpointMode"));
         }
 
         String serviceNameForEnvVar = model.getNamingStrategy().getServiceNameForEnvironmentVariables();
@@ -829,7 +830,19 @@ private MethodSpec sigv4aSigningRegionSetMethod() {
     private MethodSpec defaultAuthSchemeProviderMethod() {
         return MethodSpec.methodBuilder("defaultAuthSchemeProvider")
                          .addModifiers(PRIVATE)
+                         .addParameter(SdkClientConfiguration.class, "config")
                          .returns(authSchemeSpecUtils.providerInterfaceName())
+                         .addCode("$T authSchemePreferenceProvider = "
+                                  + "$T.builder()",
+                                  AuthSchemePreferenceResolver.class, AuthSchemePreferenceResolver.class)
+                         .addCode(".profileFile(config.option($T.PROFILE_FILE_SUPPLIER))", SdkClientOption.class)
+                         .addCode(".profileName(config.option($T.PROFILE_NAME))", SdkClientOption.class)
+                         .addStatement(".build()")
+                         .addStatement("List<String> preferences = authSchemePreferenceProvider.resolveAuthSchemePreference()")
+                         .beginControlFlow("if(!preferences.isEmpty())")
+                         .addStatement("return $T.defaultProvider(preferences)",
+                                       authSchemeSpecUtils.providerInterfaceName())
+                         .endControlFlow()
                          .addStatement("return $T.defaultProvider()", authSchemeSpecUtils.providerInterfaceName())
                          .build();
     }
@@ -965,10 +978,10 @@ private MethodSpec internalPluginsMethod() {
         List<String> internalPlugins = model.getCustomizationConfig().getInternalPlugins();
         if (internalPlugins.isEmpty()) {
             return builder.addStatement("return $T.emptyList()", Collections.class)
-                .build();
+                          .build();
         }
 
-        builder.addStatement("$T internalPlugins = new $T<>()", parameterizedTypeName,  ArrayList.class);
+        builder.addStatement("$T internalPlugins = new $T<>()", parameterizedTypeName, ArrayList.class);
 
         for (String internalPlugin : internalPlugins) {
             String arguments = internalPluginNewArguments(internalPlugin);

codegen/src/test/java/software/amazon/awssdk/codegen/poet/auth/scheme/AuthSchemeSpecTest.java

@@ -66,6 +66,12 @@ static List<TestCase> parameters() {
                     .caseName("query")
                     .outputFileSuffix("default-params")
                     .build(),
+            TestCase.builder()
+                    .modelProvider(ClientTestModels::queryServiceModels)
+                    .classSpecProvider(PreferredAuthSchemeProviderSpec::new)
+                    .caseName("query")
+                    .outputFileSuffix("preferred-provider")
+                    .build(),
             // query-endpoint-auth-params
             TestCase.builder()
                     .modelProvider(ClientTestModels::queryServiceModelsEndpointAuthParamsWithAllowList)

codegen/src/test/resources/software/amazon/awssdk/codegen/poet/auth/scheme/query-auth-scheme-preferred-provider.java

@@ -0,0 +1,51 @@
+package software.amazon.awssdk.services.query.auth.scheme.internal;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import software.amazon.awssdk.annotations.Generated;
+import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
+import software.amazon.awssdk.services.query.auth.scheme.QueryAuthSchemeParams;
+import software.amazon.awssdk.services.query.auth.scheme.QueryAuthSchemeProvider;
+import software.amazon.awssdk.utils.CollectionUtils;
+
+@Generated("software.amazon.awssdk:codegen")
+@SdkInternalApi
+public final class PreferredQueryAuthSchemeProvider implements QueryAuthSchemeProvider {
+    private final QueryAuthSchemeProvider delegate;
+
+    private final List<String> authSchemePreference;
+
+    public PreferredQueryAuthSchemeProvider(QueryAuthSchemeProvider delegate, List<String> authSchemePreference) {
+        this.delegate = delegate;
+        this.authSchemePreference = authSchemePreference != null ? authSchemePreference : Collections.emptyList();
+    }
+
+    /**
+     * Resolve the auth schemes based on the given set of parameters.
+     */
+    @Override
+    public List<AuthSchemeOption> resolveAuthScheme(QueryAuthSchemeParams params) {
+        List<AuthSchemeOption> candidateAuthSchemes = delegate.resolveAuthScheme(params);
+        if (CollectionUtils.isNullOrEmpty(authSchemePreference)) {
+            return candidateAuthSchemes;
+        }
+        List<AuthSchemeOption> authSchemes = new ArrayList<>();
+        authSchemePreference.forEach(preferredSchemeId -> {
+            candidateAuthSchemes
+                .stream()
+                .filter(candidate -> {
+                    String candidateSchemeName = candidate.schemeId().contains("#") ? candidate.schemeId().split("#")[1]
+                                                                                    : candidate.schemeId();
+                    return candidateSchemeName.equals(preferredSchemeId);
+                }).findFirst().ifPresent(authSchemes::add);
+        });
+        candidateAuthSchemes.forEach(candidate -> {
+            if (!authSchemes.contains(candidate)) {
+                authSchemes.add(candidate);
+            }
+        });
+        return authSchemes;
+    }
+}

codegen/src/test/resources/software/amazon/awssdk/codegen/poet/auth/scheme/query-auth-scheme-provider.java

@@ -1,18 +1,3 @@
-/*
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- *
- * Licensed under the Apache License, Version 2.0 (the "License").
- * You may not use this file except in compliance with the License.
- * A copy of the License is located at
- *
- *  http://aws.amazon.com/apache2.0
- *
- * or in the "license" file accompanying this file. This file is distributed
- * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
- * express or implied. See the License for the specific language governing
- * permissions and limitations under the License.
- */
-
 package software.amazon.awssdk.services.query.auth.scheme;
 
 import java.util.List;
@@ -22,6 +7,7 @@
 import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
 import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeProvider;
 import software.amazon.awssdk.services.query.auth.scheme.internal.DefaultQueryAuthSchemeProvider;
+import software.amazon.awssdk.services.query.auth.scheme.internal.PreferredQueryAuthSchemeProvider;
 
 /**
  * An auth scheme provider for Query service. The auth scheme provider takes a set of parameters using
@@ -50,4 +36,11 @@ default List<AuthSchemeOption> resolveAuthScheme(Consumer<QueryAuthSchemeParams.
     static QueryAuthSchemeProvider defaultProvider() {
         return DefaultQueryAuthSchemeProvider.create();
     }
+
+    /**
+     * Get the default auth scheme provider the preferred auth schemes in order of preference.
+     */
+    static QueryAuthSchemeProvider defaultProvider(List<String> authSchemePreference) {
+        return new PreferredQueryAuthSchemeProvider(defaultProvider(), authSchemePreference);
+    }
 }