File: endpoint_auth_resolver.go

package s3

import (
	"context"
	"fmt"

	smithyauth "github.com/aws/smithy-go/auth"
)

// endpointAuthResolver is an AuthSchemeResolver that resolves the request
// endpoint and, when the endpoint's properties carry auth options, uses those
// in place of the modeled defaults.
type endpointAuthResolver struct {
	// EndpointResolver resolves the endpoint whose properties are inspected
	// for auth options.
	EndpointResolver EndpointResolverV2
}

// Compile-time check that *endpointAuthResolver satisfies AuthSchemeResolver.
var _ AuthSchemeResolver = (*endpointAuthResolver)(nil)

// ResolveAuthSchemes returns the auth scheme options for a request: the
// options produced by resolveAuthSchemes, with the endpoint-style S3 Express
// scheme ID rewritten to its canonical form, followed by an anonymous option.
//
// Any error from resolveAuthSchemes is returned unchanged with a nil slice.
func (r *endpointAuthResolver) ResolveAuthSchemes(
	ctx context.Context, params *AuthResolverParameters,
) (
	[]*smithyauth.Option, error,
) {
	const (
		endpointExpressID  = "sigv4-s3express"
		canonicalExpressID = "com.amazonaws.s3#sigv4express"
	)

	resolved, err := r.resolveAuthSchemes(ctx, params)
	if err != nil {
		return nil, err
	}

	// Rewrite the scheme ID in place on each matching option so later
	// consumers see only the canonical identifier.
	for i := range resolved {
		if resolved[i].SchemeID != endpointExpressID {
			continue
		}
		resolved[i].SchemeID = canonicalExpressID
	}

	// Anonymous is appended last to preserve pre-SRA behavior, where every
	// operation technically offered it.
	// NOTE(review): because anonymous is always offered, whether a request can
	// fall back to being sent unsigned depends on how the caller selects among
	// these options, which is not visible here. Confirm before relying on
	// signing being enforced.
	anonymous := &smithyauth.Option{
		SchemeID: smithyauth.SchemeIDAnonymous,
	}
	return append(resolved, anonymous), nil
}

// resolveAuthSchemes computes the auth options before ID canonicalization and
// the anonymous fallback are applied by ResolveAuthSchemes.
//
// It resolves the modeled options with defaultAuthSchemeResolver, resolves the
// endpoint, and returns the endpoint's auth options when the endpoint
// properties carry any. Otherwise it returns the modeled options. Failures
// from either resolver are wrapped and returned with a nil slice.
func (r *endpointAuthResolver) resolveAuthSchemes(
	ctx context.Context, params *AuthResolverParameters,
) (
	[]*smithyauth.Option, error,
) {
	modeled, err := (&defaultAuthSchemeResolver{}).ResolveAuthSchemes(ctx, params)
	if err != nil {
		return nil, fmt.Errorf("get base options: %w", err)
	}

	// NOTE(review): params.endpointParams is dereferenced without a nil check;
	// presumably it is always populated before this point. Verify against the
	// caller.
	resolvedEndpoint, err := r.EndpointResolver.ResolveEndpoint(ctx, *params.endpointParams)
	if err != nil {
		return nil, fmt.Errorf("resolve endpoint: %w", err)
	}

	fromEndpoint, found := smithyauth.GetAuthOptions(&resolvedEndpoint.Properties)
	if !found {
		return modeled, nil
	}

	// The endpoint's option list is authoritative: a modeled scheme that the
	// endpoint does not list is dropped. The modeled options carry properties
	// the endpoint ones lack, so each endpoint option is rebased onto the
	// modeled option with the same scheme ID. Matching is by exact SchemeID
	// string and happens before ResolveAuthSchemes canonicalizes
	// "sigv4-s3express".
	for i := range fromEndpoint {
		match := findScheme(modeled, fromEndpoint[i].SchemeID)
		if match == nil {
			continue
		}
		rebaseProps(fromEndpoint[i], match)
	}

	return fromEndpoint, nil
}

// rebaseProps rebuilds the identity and signer properties of dst on top of
// those of src: it starts from src's properties, overlays dst's existing ones
// with SetAll, and stores the result back on dst.
//
// NOTE(review): the working copies are taken by plain assignment. Whether
// they share underlying storage with src, so that the overlay also changes
// src, depends on the properties type and is not visible here. Confirm
// before reusing src afterwards.
func rebaseProps(dst, src *smithyauth.Option) {
	var (
		identity = src.IdentityProperties
		signer   = src.SignerProperties
	)

	// dst's own values are applied last via SetAll.
	identity.SetAll(&dst.IdentityProperties)
	signer.SetAll(&dst.SignerProperties)

	dst.IdentityProperties, dst.SignerProperties = identity, signer
}

// findScheme returns the first option in opts whose SchemeID equals schemeID
// exactly, or nil when none matches.
func findScheme(opts []*smithyauth.Option, schemeID string) *smithyauth.Option {
	for i := range opts {
		if candidate := opts[i]; candidate.SchemeID == schemeID {
			return candidate
		}
	}
	return nil
}

// finalizeServiceEndpointAuthResolver replaces the configured auth scheme
// resolver with an endpointAuthResolver bound to options.EndpointResolverV2,
// but only when the configured resolver is a *defaultAuthSchemeResolver.
// Any other resolver is left untouched.
func finalizeServiceEndpointAuthResolver(options *Options) {
	switch options.AuthSchemeResolver.(type) {
	case *defaultAuthSchemeResolver:
		options.AuthSchemeResolver = &endpointAuthResolver{
			EndpointResolver: options.EndpointResolverV2,
		}
	}
}

// finalizeOperationEndpointAuthResolver keeps an endpointAuthResolver in sync
// with options.EndpointResolverV2. When the configured auth scheme resolver is
// an *endpointAuthResolver whose EndpointResolver differs from the one in
// options, it is replaced by a fresh endpointAuthResolver bound to the current
// endpoint resolver. Any other resolver type is left untouched.
func finalizeOperationEndpointAuthResolver(options *Options) {
	current, isEndpointResolver := options.AuthSchemeResolver.(*endpointAuthResolver)

	// The type check comes first so current is never dereferenced when the
	// assertion failed. The == is an interface comparison, which panics at
	// run time if both sides hold the same uncomparable dynamic type.
	if !isEndpointResolver || current.EndpointResolver == options.EndpointResolverV2 {
		return
	}

	options.AuthSchemeResolver = &endpointAuthResolver{
		EndpointResolver: options.EndpointResolverV2,
	}
}