multi auth support + sigv4a fixes

generated/src/aws-cpp-sdk-s3/include/aws/s3/S3Client.h

@@ -10,8 +10,10 @@
 #include <aws/core/client/AWSClientAsyncCRTP.h>
 #include <aws/s3/S3ServiceClientModel.h>
 #include <smithy/client/AwsSmithyClient.h>
-#include <smithy/identity/auth/built-in/SigV4AuthSchemeResolver.h>
+#include <smithy/identity/auth/built-in/SigV4MultiAuthResolver.h>
 #include <smithy/identity/auth/built-in/SigV4AuthScheme.h>
+#include <smithy/identity/auth/built-in/SigV4aAuthScheme.h>
+#include <smithy/identity/auth/built-in/S3ExpressSigV4AuthScheme.h>
 #include <smithy/client/serializer/XmlOutcomeSerializer.h>
 #include <aws/core/utils/DNS.h>
 
@@ -48,8 +50,8 @@ namespace Aws
      */
     class AWS_S3_API S3Client : public smithy::client::AwsSmithyClientT<Aws::S3::SERVICE_NAME,
       Aws::S3::S3ClientConfiguration,
-      smithy::SigV4AuthSchemeResolver<>,
-      Aws::Crt::Variant<smithy::SigV4AuthScheme>,
+      smithy::SigV4MultiAuthSchemeResolver<>,
+      Aws::Crt::Variant<smithy::SigV4AuthScheme,smithy::S3ExpressSigV4AuthScheme,smithy::SigV4aAuthScheme>,
       S3EndpointProviderBase,
       smithy::client::XmlOutcomeSerializer,
       smithy::client::XmlOutcome,

generated/src/aws-cpp-sdk-s3/source/S3Client.cpp

@@ -161,9 +161,11 @@ S3Client::S3Client(const S3::S3ClientConfiguration& clientConfiguration,
         Aws::Http::CreateHttpClient(clientConfiguration),
         Aws::MakeShared<S3ErrorMarshaller>(ALLOCATION_TAG),
         endpointProvider ? endpointProvider : Aws::MakeShared<S3EndpointProvider>(ALLOCATION_TAG),
-        Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
+        Aws::MakeShared<smithy::SigV4MultiAuthSchemeResolver<>>(ALLOCATION_TAG),
         {
-            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, Aws::MakeShared<Aws::Auth::DefaultAWSCredentialsProviderChain>(ALLOCATION_TAG)), GetServiceName(), clientConfiguration.region}},
+            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+            {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+            {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
         })
 {}
 
@@ -176,9 +178,11 @@ S3Client::S3Client(const AWSCredentials& credentials,
         Aws::Http::CreateHttpClient(clientConfiguration),
         Aws::MakeShared<S3ErrorMarshaller>(ALLOCATION_TAG),
         endpointProvider ? endpointProvider : Aws::MakeShared<S3EndpointProvider>(ALLOCATION_TAG),
-        Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
+        Aws::MakeShared<smithy::SigV4MultiAuthSchemeResolver<>>(ALLOCATION_TAG),
         {
-            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<smithy::SimpleAwsCredentialIdentityResolver>(ALLOCATION_TAG, credentials), GetServiceName(), clientConfiguration.region}},
+            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, Aws::MakeShared<SimpleAWSCredentialsProvider>(ALLOCATION_TAG, credentials)  ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+            {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, Aws::MakeShared<SimpleAWSCredentialsProvider>(ALLOCATION_TAG, credentials)  ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+            {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, Aws::MakeShared<SimpleAWSCredentialsProvider>(ALLOCATION_TAG, credentials)  ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
         })
 {}
 
@@ -191,9 +195,11 @@ S3Client::S3Client(const std::shared_ptr<AWSCredentialsProvider>& credentialsPro
         Aws::Http::CreateHttpClient(clientConfiguration),
         Aws::MakeShared<S3ErrorMarshaller>(ALLOCATION_TAG),
         endpointProvider ? endpointProvider : Aws::MakeShared<S3EndpointProvider>(ALLOCATION_TAG),
-        Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
+        Aws::MakeShared<smithy::SigV4MultiAuthSchemeResolver<>>(ALLOCATION_TAG),
         {
-            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{ Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG,  *this, credentialsProvider), GetServiceName(), clientConfiguration.region}}
+            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, credentialsProvider ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+            {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, credentialsProvider ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
+            {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, credentialsProvider ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), clientConfiguration.payloadSigningPolicy, false}},
         })
 {}
 
@@ -209,10 +215,11 @@ S3Client::S3Client(const Client::ClientConfiguration& clientConfiguration,
       Aws::Http::CreateHttpClient(clientConfiguration),
       Aws::MakeShared<S3ErrorMarshaller>(ALLOCATION_TAG),
       Aws::MakeShared<S3EndpointProvider>(ALLOCATION_TAG),
-      Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
+      Aws::MakeShared<smithy::SigV4MultiAuthSchemeResolver<>>(ALLOCATION_TAG),
       {
-        {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme(Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), 
-            Aws::MakeShared<smithy::AwsSigV4Signer>( ALLOCATION_TAG, GetServiceName(), clientConfiguration.region, signPayloads, false))},
+            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+            {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+            {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
       })
 {
 }
@@ -230,10 +237,11 @@ S3Client::S3Client(
       Aws::Http::CreateHttpClient(clientConfiguration),
       Aws::MakeShared<S3ErrorMarshaller>(ALLOCATION_TAG),
       Aws::MakeShared<S3EndpointProvider>(ALLOCATION_TAG),
-      Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
+      Aws::MakeShared<smithy::SigV4MultiAuthSchemeResolver<>>(ALLOCATION_TAG),
       {
-        {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme(Aws::MakeShared<SimpleAwsCredentialIdentityResolver>(ALLOCATION_TAG, credentials), 
-            Aws::MakeShared<smithy::AwsSigV4Signer>( ALLOCATION_TAG, GetServiceName(), clientConfiguration.region, signPayloads, false))},
+            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, Aws::MakeShared<SimpleAWSCredentialsProvider>(ALLOCATION_TAG, credentials)  ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+            {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, Aws::MakeShared<SimpleAWSCredentialsProvider>(ALLOCATION_TAG, credentials)  ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+            {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, Aws::MakeShared<SimpleAWSCredentialsProvider>(ALLOCATION_TAG, credentials)  ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
       })
 {
 }
@@ -251,10 +259,11 @@ S3Client::S3Client(
       Aws::Http::CreateHttpClient(clientConfiguration),
       Aws::MakeShared<S3ErrorMarshaller>(ALLOCATION_TAG),
       Aws::MakeShared<S3EndpointProvider>(ALLOCATION_TAG),
-      Aws::MakeShared<smithy::SigV4AuthSchemeResolver<>>(ALLOCATION_TAG),
+      Aws::MakeShared<smithy::SigV4MultiAuthSchemeResolver<>>(ALLOCATION_TAG),
       {
-        {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme(Aws::MakeShared<smithy::AwsCredentialsProviderIdentityResolver>(ALLOCATION_TAG, credentialsProvider), 
-            Aws::MakeShared<smithy::AwsSigV4Signer>( ALLOCATION_TAG, GetServiceName(), clientConfiguration.region, signPayloads, false))},
+            {smithy::SigV4AuthSchemeOption::sigV4AuthSchemeOption.schemeId, smithy::SigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, credentialsProvider ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+            {smithy::S3ExpressSigV4AuthSchemeOption::s3ExpressSigV4AuthSchemeOption.schemeId, smithy::S3ExpressSigV4AuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, credentialsProvider ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
+            {smithy::SigV4aAuthSchemeOption::sigV4aAuthSchemeOption.schemeId, smithy::SigV4aAuthScheme{Aws::MakeShared<DefaultS3ExpressIdentityResolver>(ALLOCATION_TAG, *this, credentialsProvider ), GetServiceName(), Aws::Region::ComputeSignerRegion(clientConfiguration.region), signPayloads, false}},
       })
 {
 }

generated/src/aws-cpp-sdk-s3/source/S3ExpressIdentityResolver.cpp

@@ -7,7 +7,9 @@
 #include <aws/s3/S3Client.h>
 #include <aws/s3/S3ExpressIdentityResolver.h>
 #include <aws/s3/model/CreateSessionRequest.h>
-
+#include <aws/core/auth/AWSCredentialsProviderChain.h>
+#include <smithy/identity/signer/built-in/S3ExpressSigner.h>
+#include <smithy/identity/signer/built-in/SignerProperties.h>
 #include <utility>
 #include <thread>
 
@@ -22,7 +24,7 @@ namespace{
 const char S3_EXPRESS_IDENTITY_PROVIDER[] = "S3ExpressIdentityProvider";
 const int DEFAULT_CACHE_SIZE = 100;
 }
-S3ExpressIdentityResolver::S3ExpressIdentityResolver(const S3Client& s3Client) : m_s3Client(s3Client) {}
+S3ExpressIdentityResolver::S3ExpressIdentityResolver(const S3Client& s3Client) : m_s3Client(s3Client), m_credsProvider(Aws::MakeShared<Aws::Auth::DefaultAWSCredentialsProviderChain>("S3ExpressIdentityResolver")) {}
 
 S3ExpressIdentityResolver::S3ExpressIdentityResolver(const S3Client& s3Client, std::shared_ptr<Aws::Auth::AWSCredentialsProvider>  credentialProvider):
     m_s3Client{s3Client},m_credsProvider{credentialProvider}{
@@ -50,11 +52,11 @@ S3ExpressIdentityResolver::ResolveIdentityFutureOutcome S3ExpressIdentityResolve
            });
     }
 
-    //if signer name is not s3 express, get from credential provider
-    auto signerName = params->parameterMap.find("signerName");
+    //if signer name is not s3 express as set in signer properties, get from credential provider
+    auto signerName = params->parameterMap.find(smithy::AUTH_SCHEME_PROPERTY);
     if (signerName != params->parameterMap.end())
     {
-       if (signerName->second != "s3express")
+       if (signerName->second != smithy::S3_EXPRESS_SIGNER_NAME)
        {
         if(!m_credsProvider)
         {
@@ -65,7 +67,7 @@ S3ExpressIdentityResolver::ResolveIdentityFutureOutcome S3ExpressIdentityResolve
         return ResolveIdentityFutureOutcome(Aws::MakeUnique<AwsCredentialIdentity>("DefaultAwsCredentialIdentityResolver",  AwsCredentialIdentity{creds.GetAWSAccessKeyId(), creds.GetAWSSecretKey(), creds.GetSessionToken(), creds.GetExpiration()}));
        }
     }
-
+    
     auto identity =  Aws::MakeUnique<AwsCredentialIdentity>("DefaultAwsCredentialIdentityResolver", GetS3ExpressIdentity(params));
 
     return ResolveIdentityFutureOutcome(std::move(identity));
@@ -126,11 +128,13 @@ AwsCredentialIdentity DefaultS3ExpressIdentityResolver::GetS3ExpressIdentity(con
     std::lock_guard<std::mutex> lock(*GetMutexForBucketName(bucketNameIter->second));
     AwsCredentialIdentity identity;
     auto isInCache = m_credentialsCache->Get(bucketNameIter->second, identity);
-    if (!isInCache || (identity.expiration().has_value() && (identity.expiration().value() - minutes(1) < Aws::Utils::DateTime::Now())) || !identity.expiration().has_value()) {
+    if (!isInCache || (identity.expiration().has_value() && (identity.expiration().value() - minutes(1) < Aws::Utils::DateTime::Now())) ) {
         identity = S3ExpressIdentityResolver::GetCredentialsFromBucket(bucketNameIter->second);
-        m_credentialsCache->Put(bucketNameIter->second,
-            identity,
-            std::chrono::milliseconds(identity.expiration().value().Millis() - Aws::Utils::DateTime::Now().Millis()));
+        if (identity.expiration().has_value()) {
+          m_credentialsCache->Put(bucketNameIter->second,
+              identity,
+              std::chrono::milliseconds(identity.expiration().value().Millis() - Aws::Utils::DateTime::Now().Millis()));
+        }
     }
     return identity;
 }
@@ -171,11 +175,13 @@ AwsCredentialIdentity DefaultAsyncS3ExpressIdentityResolver::GetS3ExpressIdentit
   std::lock_guard<std::mutex> lock(*GetMutexForBucketName(bucketNameIter->second));
   AwsCredentialIdentity identity;
   auto isInCache = m_credentialsCache->Get(bucketNameIter->second, identity);
-  if (!isInCache || (identity.expiration().has_value() && (identity.expiration().value() - minutes(1) < Aws::Utils::DateTime::Now())) || !identity.expiration().has_value()) {
+  if (!isInCache || (identity.expiration().has_value() && (identity.expiration().value() - minutes(1) < Aws::Utils::DateTime::Now())) ) {
       identity = S3ExpressIdentityResolver::GetCredentialsFromBucket(bucketNameIter->second);
-      m_credentialsCache->Put(bucketNameIter->second,
-          identity,
-          std::chrono::milliseconds(identity.expiration().value().Millis() - Aws::Utils::DateTime::Now().Millis()));
+      if (identity.expiration().has_value()) {
+        m_credentialsCache->Put(bucketNameIter->second,
+            identity,
+            std::chrono::milliseconds(identity.expiration().value().Millis() - Aws::Utils::DateTime::Now().Millis()));
+      }
   }
   return identity;
 }