aws-smithy-runtime 1.11.1

The new smithy runtime crate
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214

/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0
 */

//! The [`NoAuthRuntimePlugin`] and supporting code.

use crate::client::identity::no_auth::NoAuthIdentityResolver;
use aws_smithy_runtime_api::box_error::BoxError;
use aws_smithy_runtime_api::client::auth::static_resolver::StaticAuthSchemeOptionResolver;
use aws_smithy_runtime_api::client::auth::{
    AuthScheme, AuthSchemeEndpointConfig, AuthSchemeId, AuthSchemeOption,
    AuthSchemeOptionResolverParams, AuthSchemeOptionsFuture, ResolveAuthSchemeOptions,
    SharedAuthScheme, SharedAuthSchemeOptionResolver, Sign,
};
use aws_smithy_runtime_api::client::identity::{Identity, SharedIdentityResolver};
use aws_smithy_runtime_api::client::orchestrator::HttpRequest;
use aws_smithy_runtime_api::client::runtime_components::{
    GetIdentityResolver, RuntimeComponents, RuntimeComponentsBuilder,
};
use aws_smithy_runtime_api::client::runtime_plugin::{Order, RuntimePlugin};
use aws_smithy_runtime_api::shared::IntoShared;
use aws_smithy_types::config_bag::ConfigBag;
use std::borrow::Cow;

/// Auth scheme ID for "no auth".
pub const NO_AUTH_SCHEME_ID: AuthSchemeId = AuthSchemeId::new("noAuth");

/// A [`RuntimePlugin`] that registers a "no auth" identity resolver and auth scheme.
///
/// This plugin can be used to disable authentication in certain cases, such as when there is
/// a Smithy `@optionalAuth` trait.
///
/// Note: This plugin does not work out of the box because it does not configure an auth scheme option resolver
/// that recognizes the `noAuth` scheme.
#[doc(hidden)]
#[non_exhaustive]
#[derive(Debug)]
#[deprecated(since = "1.9.8", note = "Use `NoAuthRuntimePluginV2` instead")]
pub struct NoAuthRuntimePlugin(RuntimeComponentsBuilder);

#[allow(deprecated)]
impl Default for NoAuthRuntimePlugin {
    fn default() -> Self {
        Self::new()
    }
}

#[allow(deprecated)]
impl NoAuthRuntimePlugin {
    /// Creates a new `NoAuthRuntimePlugin`.
    pub fn new() -> Self {
        Self(
            RuntimeComponentsBuilder::new("NoAuthRuntimePlugin")
                .with_identity_resolver(
                    NO_AUTH_SCHEME_ID,
                    SharedIdentityResolver::new(NoAuthIdentityResolver::new()),
                )
                .with_auth_scheme(SharedAuthScheme::new(NoAuthScheme::new())),
        )
    }
}

#[allow(deprecated)]
impl RuntimePlugin for NoAuthRuntimePlugin {
    fn runtime_components(
        &self,
        _: &RuntimeComponentsBuilder,
    ) -> Cow<'_, RuntimeComponentsBuilder> {
        Cow::Borrowed(&self.0)
    }
}

/// A [`RuntimePlugin`] that registers a "no auth" identity resolver, auth scheme, and auth scheme option resolver.
///
/// Ideally, a Smithy model should use `@optionalAuth` or `@auth([])` on operations so that:
/// - The Smithy runtime supports the no-auth scheme
/// - The code-generated default auth scheme option resolver includes the no-auth scheme for those operations
///
/// When that is not possible, this plugin can be used to achieve the same effect.
#[derive(Debug)]
pub struct NoAuthRuntimePluginV2(RuntimeComponentsBuilder);

impl Default for NoAuthRuntimePluginV2 {
    fn default() -> Self {
        Self::new()
    }
}

impl NoAuthRuntimePluginV2 {
    /// Creates a new `NoAuthRuntimePluginV2`.
    pub fn new() -> Self {
        Self(
            RuntimeComponentsBuilder::new("NoAuthRuntimePluginV2")
                .with_identity_resolver(
                    NO_AUTH_SCHEME_ID,
                    SharedIdentityResolver::new(NoAuthIdentityResolver::new()),
                )
                .with_auth_scheme(SharedAuthScheme::new(NoAuthScheme::new())),
        )
    }
}

impl RuntimePlugin for NoAuthRuntimePluginV2 {
    fn order(&self) -> Order {
        // This plugin should be applied as an escape hatch to append the no-auth scheme, hence `NestedComponents`.
        Order::NestedComponents
    }

    fn runtime_components(
        &self,
        current_components: &RuntimeComponentsBuilder,
    ) -> Cow<'_, RuntimeComponentsBuilder> {
        // No auth scheme option resolver is configured here because it needs to access
        // the existing resolver (likely the code-generated default) stored in the
        // current runtime components builder.
        let auth_scheme_option_resolver: SharedAuthSchemeOptionResolver =
            match current_components.auth_scheme_option_resolver() {
                Some(current_resolver) => {
                    NoAuthSchemeOptionResolver::new(current_resolver.clone()).into_shared()
                }
                None => StaticAuthSchemeOptionResolver::new(vec![NO_AUTH_SCHEME_ID]).into_shared(),
            };
        Cow::Owned(
            self.0
                .clone()
                .with_auth_scheme_option_resolver(Some(auth_scheme_option_resolver)),
        )
    }
}

#[derive(Debug)]
struct NoAuthSchemeOptionResolver<R> {
    inner: R,
}

impl<R> NoAuthSchemeOptionResolver<R> {
    fn new(inner: R) -> Self {
        Self { inner }
    }
}

impl<R> ResolveAuthSchemeOptions for NoAuthSchemeOptionResolver<R>
where
    R: ResolveAuthSchemeOptions,
{
    fn resolve_auth_scheme_options_v2<'a>(
        &'a self,
        params: &'a AuthSchemeOptionResolverParams,
        cfg: &'a ConfigBag,
        runtime_components: &'a RuntimeComponents,
    ) -> AuthSchemeOptionsFuture<'a> {
        let inner_future =
            self.inner
                .resolve_auth_scheme_options_v2(params, cfg, runtime_components);

        AuthSchemeOptionsFuture::new(async move {
            let mut options = inner_future.await?;
            options.push(AuthSchemeOption::from(NO_AUTH_SCHEME_ID));
            Ok(options)
        })
    }
}

/// The "no auth" auth scheme.
///
/// The orchestrator requires an auth scheme, so Smithy's `@optionalAuth` trait is implemented
/// by placing a "no auth" auth scheme at the end of the auth scheme options list so that it is
/// used if there's no identity resolver available for the other auth schemes. It's also used
/// for models that don't have auth at all.
#[derive(Debug, Default)]
pub struct NoAuthScheme {
    signer: NoAuthSigner,
}

impl NoAuthScheme {
    /// Creates a new `NoAuthScheme`.
    pub fn new() -> Self {
        Self::default()
    }
}

#[derive(Debug, Default)]
struct NoAuthSigner;

impl Sign for NoAuthSigner {
    fn sign_http_request(
        &self,
        _request: &mut HttpRequest,
        _identity: &Identity,
        _auth_scheme_endpoint_config: AuthSchemeEndpointConfig<'_>,
        _runtime_components: &RuntimeComponents,
        _config_bag: &ConfigBag,
    ) -> Result<(), BoxError> {
        Ok(())
    }
}

impl AuthScheme for NoAuthScheme {
    fn scheme_id(&self) -> AuthSchemeId {
        NO_AUTH_SCHEME_ID
    }

    fn identity_resolver(
        &self,
        identity_resolvers: &dyn GetIdentityResolver,
    ) -> Option<SharedIdentityResolver> {
        identity_resolvers.identity_resolver(NO_AUTH_SCHEME_ID)
    }

    fn signer(&self) -> &dyn Sign {
        &self.signer
    }
}