s3express fixes

aws · Feb 6, 2025 · a84edab · a84edab
1 parent 1808676
commit a84edab
Show file tree

Hide file tree

Showing 5 changed files with 39 additions and 27 deletions.
diff --git a/generated/src/aws-cpp-sdk-s3/source/S3Client.cpp b/generated/src/aws-cpp-sdk-s3/source/S3Client.cpp
@@ -168,7 +168,7 @@ S3Client::S3Client(const S3::S3ClientConfiguration& clientConfiguration,
                   auto credsResolver = Aws::MakeShared<smithy::DefaultAwsCredentialIdentityResolver>(ALLOCATION_TAG);
                   return {
                   {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
-                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{clientConfiguration.identityProviderSupplier(*this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{clientConfiguration.identityProviderSupplier(*this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
                   {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
                   };
             }()
@@ -190,7 +190,7 @@ S3Client::S3Client(const AWSCredentials& credentials,
                   auto credsResolver = Aws::MakeShared<smithy::SimpleAwsCredentialIdentityResolver>(ALLOCATION_TAG, credentials );
                   return {
                   {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
-                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{clientConfiguration.identityProviderSupplier(*this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{clientConfiguration.identityProviderSupplier(*this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
                   {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
                   };
             }()
@@ -212,7 +212,7 @@ S3Client::S3Client(const std::shared_ptr<AWSCredentialsProvider>& credentialsPro
                   auto credsResolver = Aws::MakeShared<smithy::AwsCredentialsProviderIdentityResolver>(ALLOCATION_TAG, credentialsProvider );
                   return {
                   {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
-                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{clientConfiguration.identityProviderSupplier(*this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{clientConfiguration.identityProviderSupplier(*this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
                   {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
                   };
             }()
@@ -237,7 +237,7 @@ S3Client::S3Client(const Client::ClientConfiguration& clientConfiguration,
                   auto credsResolver = Aws::MakeShared<smithy::DefaultAwsCredentialIdentityResolver>(ALLOCATION_TAG);
                   return {
                   {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
-                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
                   {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
                   };
             }()
@@ -263,7 +263,7 @@ S3Client::S3Client(
                   auto credsResolver = Aws::MakeShared<smithy::SimpleAwsCredentialIdentityResolver>(ALLOCATION_TAG, credentials );
                   return {
                   {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
-                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
                   {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
                   };
             }()
@@ -289,7 +289,7 @@ S3Client::S3Client(
                   auto credsResolver = Aws::MakeShared<smithy::AwsCredentialsProviderIdentityResolver>(ALLOCATION_TAG, credentialsProvider );
                   return {
                   {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
-                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+                  {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
                   {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
                   };
             }()
@@ -311,6 +311,7 @@ S3Client& S3Client::operator=(S3Client &&rhs) noexcept {
   AwsSmithyClientT::operator=(std::move(rhs));
   return *this;
 }
+
 /* End of legacy constructors due deprecation */
 
 S3Client::~S3Client()

diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/S3ExpressSigV4AuthScheme.h b/src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/S3ExpressSigV4AuthScheme.h
@@ -24,16 +24,14 @@ namespace smithy {
 
 
         explicit S3ExpressSigV4AuthScheme(std::shared_ptr<AwsCredentialIdentityResolverT> identityResolver,
-                                 std::shared_ptr<AwsCredentialIdentityResolverT> credsProvider,
                                  const Aws::String& serviceName,
                                  const Aws::String& region,
                                  Aws::Client::AWSAuthV4Signer::PayloadSigningPolicy policy,
                                  bool urlEscapePath)
             : AuthScheme(SIGV4_EXPRESS), 
             m_identityResolver{identityResolver}, 
-            m_signer{Aws::MakeShared<S3ExpressSigner<AwsSigV4Signer>>("S3ExpressSigV4AuthScheme", credsProvider, serviceName, region, policy, urlEscapePath)}
+            m_signer{Aws::MakeShared<S3ExpressSigner<AwsSigV4Signer>>("S3ExpressSigV4AuthScheme", serviceName, region, policy, urlEscapePath)}
         {
-            assert(credsProvider);
             assert(m_identityResolver);
             assert(m_signer);
         }

diff --git a/src/aws-cpp-sdk-core/include/smithy/identity/signer/built-in/S3ExpressSigner.h b/src/aws-cpp-sdk-core/include/smithy/identity/signer/built-in/S3ExpressSigner.h
@@ -9,12 +9,14 @@
 #include <aws/core/utils/logging/LogMacros.h>
 #include <aws/core/platform/Environment.h>
 #include <aws/core/utils/UUID.h>
+#include <smithy/identity/identity/AwsCredentialIdentity.h>
 #include <aws/core/client/AWSError.h>
 namespace smithy {
     static const char *S3_EXPRESS_HEADER = "x-amz-s3session-token";
     static const char *S3_EXPRESS_QUERY_PARAM = "X-Amz-S3session-Token";
     static const char *S3_EXPRESS_SIGNER_NAME = "S3ExpressSigner";
 
+namespace {
     template <typename T>
     struct IsValidS3ExpressSigner : std::false_type {};
 
@@ -24,6 +26,22 @@ namespace smithy {
     template <>
     struct IsValidS3ExpressSigner<AwsSigV4aSigner> : std::true_type {};
 
+    template <typename BASECLASS>
+    struct ExtractIdentity : public std::enable_if<IsValidS3ExpressSigner<BASECLASS>::value, BASECLASS>::type
+    {
+      AwsCredentialIdentity operator()(const AwsCredentialIdentityBase& identity) const {
+        return AwsCredentialIdentity{identity.accessKeyId(), identity.secretAccessKey(), identity.sessionToken(),identity.expiration()};
+      }
+    };
+
+    template <>
+    struct ExtractIdentity<AwsSigV4Signer> {
+      auto operator()(const AwsCredentialIdentityBase& identity) const -> AwsCredentialIdentity {
+        return AwsCredentialIdentity{identity.accessKeyId(), identity.secretAccessKey(), {},{}};
+      }
+    };
+}
+
     //Ensuring S3 Express Signer can use Sigv4 or Sigv4a signing algorithm
     template <typename BASECLASS>
     class S3ExpressSigner : public std::enable_if<IsValidS3ExpressSigner<BASECLASS>::value, BASECLASS>::type
@@ -32,16 +50,14 @@ namespace smithy {
         using SigningFutureOutcome = typename BASECLASS::SigningFutureOutcome;
         using SigningProperties = typename BASECLASS::SigningProperties;
         using SigningError = typename BASECLASS::SigningError;
-        explicit S3ExpressSigner(std::shared_ptr<IdentityResolverBase<AwsCredentialIdentityBase>>& credsProvider, const Aws::String& serviceName, const Aws::String& region)
-            : BASECLASS(serviceName, region), m_credsProvider{credsProvider}
+        explicit S3ExpressSigner(const Aws::String& serviceName, const Aws::String& region)
+            : BASECLASS(serviceName, region)
         {
-          assert(m_credsProvider);
         }
 
-        explicit S3ExpressSigner(std::shared_ptr<IdentityResolverBase<AwsCredentialIdentityBase>>& credsProvider, const Aws::String& serviceName, const Aws::String& region, Aws::Client::AWSAuthV4Signer::PayloadSigningPolicy policy, bool escapeUrl)
-            : BASECLASS(serviceName, region, policy, escapeUrl),m_credsProvider{credsProvider}
+        explicit S3ExpressSigner(const Aws::String& serviceName, const Aws::String& region, Aws::Client::AWSAuthV4Signer::PayloadSigningPolicy policy, bool escapeUrl)
+            : BASECLASS(serviceName, region, policy, escapeUrl)
         {
-          assert(m_credsProvider);
         }
 
         SigningFutureOutcome sign(std::shared_ptr<Aws::Http::HttpRequest> httpRequest, const AwsCredentialIdentityBase& identity, SigningProperties properties) override
@@ -60,9 +76,7 @@ namespace smithy {
             }
             putRequestId(requestId);
             httpRequest->SetHeaderValue(S3_EXPRESS_HEADER, identity.sessionToken().value());
-            auto isSigned = BASECLASS::sign(httpRequest,  identity, properties);
-
-            //auto isSigned = BASECLASS::sign(httpRequest,  *(m_credsProvider->getIdentity(properties, properties).GetResult()), properties);
+            auto isSigned = BASECLASS::sign(httpRequest,  ExtractIdentity<BASECLASS>()(identity), properties);
             deleteRequestId(requestId);
             return SigningFutureOutcome(std::move(httpRequest));
         }
@@ -106,6 +120,5 @@ namespace smithy {
 
         mutable std::set<Aws::String> m_requestsProcessing;
         mutable std::mutex m_requestProcessing;
-        std::shared_ptr<IdentityResolverBase<AwsCredentialIdentityBase>> m_credsProvider;
     };
 }
diff --git a/src/aws-cpp-sdk-core/source/auth/signer/AWSAuthV4Signer.cpp b/src/aws-cpp-sdk-core/source/auth/signer/AWSAuthV4Signer.cpp
@@ -51,7 +51,6 @@ namespace Aws
     {
         const char SIGV4_SIGNER[] = "SignatureV4";
         const char ASYMMETRIC_SIGV4_SIGNER[] = "AsymmetricSignatureV4";
-        static const char *S3_EXPRESS_HEADER = "x-amz-s3session-token";
     }
 }
 
@@ -211,7 +210,7 @@ bool AWSAuthV4Signer::SignRequestWithCreds(Aws::Http::HttpRequest& request, cons
     }
 
     //additional check is needed for s3 header since this is invoked by s3 signer
-    if (!credentials.GetSessionToken().empty() && !request.HasHeader(S3_EXPRESS_HEADER))
+    if (!credentials.GetSessionToken().empty())
     {
         request.SetAwsSessionToken(credentials.GetSessionToken());
     }

diff --git a/...urces/com/amazonaws/util/awsclientgenerator/velocity/cpp/smithy/SmithyClientSourceInit.vm b/...urces/com/amazonaws/util/awsclientgenerator/velocity/cpp/smithy/SmithyClientSourceInit.vm
@@ -56,7 +56,7 @@ ${className}::${className}(const ${clientConfiguration}& clientConfiguration,
                   return {
 #foreach($entry in $AuthSchemeMapEntries)
 #if($AuthSchemes && $AuthSchemes[$foreach.index] == $s3_express_auth)
-                  {${entry}{clientConfiguration.identityProviderSupplier(*this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+                  {${entry}{clientConfiguration.identityProviderSupplier(*this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
 #else
                   {${entry}{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
 #end
@@ -88,7 +88,7 @@ ${className}::${className}(const AWSCredentials& credentials,
                   return {
 #foreach($entry in $AuthSchemeMapEntries)
 #if($AuthSchemes && $AuthSchemes[$foreach.index] == $s3_express_auth)
-                  {${entry}{clientConfiguration.identityProviderSupplier(*this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+                  {${entry}{clientConfiguration.identityProviderSupplier(*this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
 #else
                   {${entry}{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
 #end
@@ -120,7 +120,7 @@ ${className}::${className}(const std::shared_ptr<AWSCredentialsProvider>& creden
                   return {
 #foreach($entry in $AuthSchemeMapEntries)
 #if($AuthSchemes && $AuthSchemes[$foreach.index] == $s3_express_auth)
-                  {${entry}{clientConfiguration.identityProviderSupplier(*this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+                  {${entry}{clientConfiguration.identityProviderSupplier(*this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
 #else
                   {${entry}{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
 #end
@@ -155,7 +155,7 @@ ${className}::${className}(const Client::ClientConfiguration& clientConfiguratio
                   return {
 #foreach($entry in $AuthSchemeMapEntries)
 #if($AuthSchemes && $AuthSchemes[$foreach.index] == $s3_express_auth)
-                  {${entry}{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+                  {${entry}{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
 #else
                   {${entry}{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
 #end
@@ -185,7 +185,7 @@ ${className}::${className}(
                   return {
 #foreach($entry in $AuthSchemeMapEntries)
 #if($AuthSchemes && $AuthSchemes[$foreach.index] == $s3_express_auth)
-                  {${entry}{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+                  {${entry}{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
 #else
                   {${entry}{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
 #end
@@ -215,7 +215,7 @@ ${className}::${className}(
                   return {
 #foreach($entry in $AuthSchemeMapEntries)
 #if($AuthSchemes && $AuthSchemes[$foreach.index] == $s3_express_auth)
-                  {${entry}{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+                  {${entry}{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
 #else
                   {${entry}{credsResolver, GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
 #end
@@ -240,6 +240,7 @@ ${className}& ${className}::operator=(${className} &&rhs) noexcept {
   AwsSmithyClientT::operator=(std::move(rhs));
   return *this;
 }
+
 #else
 ${className}::${className}(const Client::ClientConfiguration& clientConfiguration) :
     AwsSmithyClientT(clientConfiguration,