Update codegen to automatically add chunked encoding signer property … #6551
Conversation
| "requestValidationModeMember": "ChecksumMode", | ||
| "responseAlgorithms": ["CRC32C", "CRC32", "SHA1", "SHA256"] | ||
| "responseAlgorithms": ["CRC32C", "CRC32", "SHA1", "SHA256"], | ||
| "requestAlgorithmMember": "ChecksumAlgorithm" |
There was a problem hiding this comment.
Added requestAlgorithmMember because per smithy doc https://smithy.io/2.0/aws/aws-core.html#aws-protocols-httpchecksum-trait, either requestAlgorithmMember or requestChecksumRequired is required
The httpChecksum trait MUST define at least one of the request checksumming behavior, by setting the requestAlgorithmMember or requestChecksumRequired property,
| .modelProvider(ClientTestModels::serviceS3) | ||
| .classSpecProvider(ModelBasedAuthSchemeProviderSpec::new) | ||
| .caseName("mini-s3") | ||
| .caseName("s3-test") |
There was a problem hiding this comment.
I changed it to use real s3 model because why not 🤷🏼♀️ and it may help us catch S3 issues
| .caseName("s3-test") | ||
| .outputFileSuffix("fallback-provider") | ||
| .build(), | ||
| // S3 control |
There was a problem hiding this comment.
Added s3 control because it uses legacy signature version
| } | ||
|
|
||
| /** | ||
| * Returns a map from a list of operations to the list of auth-types modeled for those operations. The {@link AuthTrait} |
There was a problem hiding this comment.
I tried my best to explain what this method does here because it's quite hard to understand, lmk if it's still not clear.
There was a problem hiding this comment.
FWIW, I think the explanation is good.
zoewangg
force-pushed
the
zoewang/chunkedEncoding
branch
from
baff246 to
839f640
Compare
sugmanue
left a comment
sugmanue
left a comment
There was a problem hiding this comment.
Minor nits, overall looks good to me.
...main/java/software/amazon/awssdk/codegen/poet/auth/scheme/ModelAuthSchemeKnowledgeIndex.java
Outdated
Show resolved
Hide resolved
...main/java/software/amazon/awssdk/codegen/poet/auth/scheme/ModelAuthSchemeKnowledgeIndex.java
Show resolved
Hide resolved
| } | ||
|
|
||
| /** | ||
| * Returns a map from a list of operations to the list of auth-types modeled for those operations. The {@link AuthTrait} |
There was a problem hiding this comment.
FWIW, I think the explanation is good.
| RegionSet regionSet = Optional.ofNullable(params.regionSet()).orElseGet( | ||
| () -> Optional.ofNullable(sigv4aAuthScheme.signingRegionSet()) | ||
| .filter(set -> !CollectionUtils.isNullOrEmpty(set)).map(RegionSet::create).orElse(null)); |
There was a problem hiding this comment.
Unrelated to this change, but, let's say, this can be improved, two allocs just to write this in a single expression is not a good tradeoff, in my not-so-humble opinion.
There was a problem hiding this comment.
Yeah, to keep this PR small, I will create a separate PR for this
| @@ -0,0 +1,3380 @@ | |||
| { | |||
| "version": "1.0", | |||
There was a problem hiding this comment.
can we please keep this file empty or just keep minimal how much ever required for codegen test
Same for other resource files.
There was a problem hiding this comment.
I used the real s3 and s3 control models as of when the PR was created on purpose because I figured it would help us catch s3 changes. LMK if you have concerns
…for streaming operations with http checksum trait
DefaultS3AuthSchemeProvider diff➜ ~ diff -s baseline_s3_auth_scheme_provider.java new_s3_auth_scheme_provider.java DefaultS3FallbackAuthSchemeProvider diff➜ ~ diff -s baseline_fallback_s3_auth_scheme_provider.java new_fallback_s3_auth_scheme_provider.java DefaultS3ControlAuthSchemeProvider diff➜ ~ diff -s baseline_s3control_auth_scheme_provider.java new_s3control_auth_scheme_provider.java < .putSignerProperty(AwsV4HttpSigner.REGION_NAME, params.region().id()).build());
---
> .putSignerProperty(AwsV4HttpSigner.REGION_NAME, params.region().id())
> .putSignerProperty(AwsV4HttpSigner.DOUBLE_URL_ENCODE, false)
> .putSignerProperty(AwsV4HttpSigner.NORMALIZE_PATH, false).build()); |
…ies since they are handled in codegen now
zoewangg
force-pushed
the
zoewang/chunkedEncoding
branch
from
839f640 to
81c108f
Compare
| * https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html | ||
| */ | ||
| @SdkInternalApi | ||
| public final class ConfigureSignerInterceptor implements ExecutionInterceptor { |
There was a problem hiding this comment.
This is no longer needed because it's handled in generated auth scheme provider now. See DefaultS3ControlAuthSchemeProvider diff in #6551 (comment)
|
| } | ||
|
|
||
| /** | ||
| * Determines if an operation should be included based on whether it has auth traits. |
There was a problem hiding this comment.
minor: It's not clear what the operation should be included in. Could probably just remove that part.
| Map<List<String>, List<AuthSchemeCodegenMetadata>> result = new LinkedHashMap<>(); | ||
| Set<String> processedChunkedOps = new HashSet<>(); | ||
|
|
||
| processOperationsWithAuthTraits(chunkedEncodingOps, serviceDefaults, result, processedChunkedOps); |
There was a problem hiding this comment.
processedChunkedOps is a bit hard to follow; is there a more descriptive name we can use here? i.e. what does it mean for something to be an "unprocessed" chunked operation? It doesn't use service defaults?
4 participants
Motivation and Context
When streaming operations have HTTP checksum traits, they need chunked encoding enabled in the auth signer. Previously, this had to be manually configured. This PR automates the process by detecting these operations during code generation and automatically adding the
CHUNK_ENCODING_ENABLEDproperty to their auth scheme metadata.Additionally, the
ModelAuthSchemeKnowledgeIndexclass was refactored to improve maintainability and clarity.Modifications
Automatic Chunked Encoding Detection:
• Added shouldUseChunkedEncoding() to detect streaming operations with HTTP checksum traits
• Automatically marks these operations with CHUNK_ENCODING_ENABLED property in auth scheme metadata
Refactored ModelAuthSchemeKnowledgeIndex:
• Extracted helper methods for better separation of concerns:
• operationsShouldUseChunkedEncoding() - Identifies operations needing chunked encoding
• processOperationsWithAuthTraits() - Handles main processing loop
• determineAuthScheme() - Decides between custom auth or service defaults
• processRemainingChunkedEncodingOperations() - Handles chunked ops with service defaults
• hasAuthTrait() - Filters operations and validates auth traits
• Generalized validation logic with hasCustomServiceAuthSchemeOverride() instead of hardcoded service checks
• Added javadocs explaining flow and special cases
Test Updates:
• Added test models for S3 and S3Control with chunked encoding scenarios
• Updated existing tests to verify chunked encoding property is correctly added
Testing
• Added new test cases for streaming operations with HTTP checksums
• Verified chunked encoding property is correctly added to auth metadata
• All existing unit tests pass
• Local mvn install succeeds
Types of changes
• [x] New feature (non-breaking change which adds functionality)
Checklist
• [x] I have read the CONTRIBUTING document
• [x] Local run of mvn install succeeds
• [x] My code follows the code style of this project
• [x] My change requires a change to the Javadoc documentation
• [x] I have updated the Javadoc documentation accordingly
• [x] I have added tests to cover my changes
• [x] All new and existing tests passed
• [ ] I have added a changelog entry
• [ ] My change is to implement 1.11 parity feature - N/A
License
• [x] I confirm that this pull request can be released under the Apache 2 license