Merge branch 'main' into feat/sigv4a

CONTRIBUTING.md

@@ -30,7 +30,7 @@ under development:
 
 Experimental Feature | Flag                          | Description
 ---------------------|-------------------------------|------------
-Identity & Auth      | `experimentalIdentityAndAuth` | Standardize identity and auth integrations to match the Smithy specification (see [Authentication Traits](https://smithy.io/2.0/spec/authentication-traits.html)). Newer capabilities include support for multiple auth schemes, `@optionalAuth`, and standardized identity interfaces for authentication schemes both in code generation and TypeScript packages. In `smithy-typescript`, `@httpApiKeyAuth` will be updated to use the new standardized interfaces. In `aws-sdk-js-v3` (`smithy-typescript`'s largest customer), this will affect `@aws.auth#sigv4` and `@httpBearerAuth` implementations, but is planned to be completely backwards-compatible.
+N/A                  | N/A                           | N/A
 
 ## Reporting Bugs/Feature Requests
 

README.md

@@ -197,7 +197,7 @@ By default, the Smithy TypeScript code generators provide the code generation fr
 |`private`|No|Whether the package is `private` in `package.json`. The default value is `false`.|
 |`requiredMemberMode`|No|**NOT RECOMMENDED DUE TO BACKWARD COMPATIBILITY CONCERNS.** Sets whether members marked with the `@required` trait are allowed to be `undefined`. See more details on the risks in `TypeScriptSettings.RequiredMemberMode`. The default value is `nullable`.|
 |`createDefaultReadme`|No|Whether to generate a default `README.md` for the package. The default value is `false`.|
-|`experimentalIdentityAndAuth`|No|Experimental feature that standardizes identity and auth integrations to match the Smithy specification (see [Authentication Traits](https://smithy.io/2.0/spec/authentication-traits.html)). See [the experimental features section for more details](CONTRIBUTING.md#experimental-features).|
+|`useLegacyAuth`|No|**NOT RECOMMENDED, AVAILABLE ONLY FOR BACKWARD COMPATIBILITY CONCERNS.** Flag that enables using legacy auth. When in doubt, use the default identity and auth behavior (not configuring `useLegacyAuth`) as the golden path.|
 
 #### `typescript-client-codegen` plugin artifacts
 

gradle.properties

@@ -1,2 +1,2 @@
-smithyVersion=1.49.0
+smithyVersion=1.50.0
 smithyGradleVersion=0.10.1

packages/config-resolver/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 3.0.5
+
+### Patch Changes
+
+- @smithy/node-config-provider@3.1.4
+
 ## 3.0.4
 
 ### Patch Changes

packages/config-resolver/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/config-resolver",
-  "version": "3.0.4",
+  "version": "3.0.5",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types && yarn build:types:downlevel'",
     "build:cjs": "node ../../scripts/inline config-resolver",

packages/core/CHANGELOG.md

@@ -1,5 +1,68 @@
 # Change Log
 
+## 2.3.2
+
+### Patch Changes
+
+- Updated dependencies [670553a]
+  - @smithy/smithy-client@3.1.12
+  - @smithy/middleware-retry@3.0.14
+
+## 2.3.1
+
+### Patch Changes
+
+- @smithy/smithy-client@3.1.11
+- @smithy/middleware-retry@3.0.13
+
+## 2.3.0
+
+### Minor Changes
+
+- 86862ea: switch to static HttpRequest clone method
+
+### Patch Changes
+
+- Updated dependencies [4a40961]
+- Updated dependencies [86862ea]
+  - @smithy/middleware-endpoint@3.1.0
+  - @smithy/protocol-http@4.1.0
+  - @smithy/smithy-client@3.1.10
+  - @smithy/middleware-retry@3.0.12
+  - @smithy/middleware-serde@3.0.3
+
+## 2.2.8
+
+### Patch Changes
+
+- @smithy/smithy-client@3.1.9
+- @smithy/middleware-retry@3.0.11
+
+## 2.2.7
+
+### Patch Changes
+
+- Updated dependencies [796567d]
+  - @smithy/protocol-http@4.0.4
+  - @smithy/middleware-retry@3.0.10
+  - @smithy/smithy-client@3.1.8
+  - @smithy/middleware-serde@3.0.3
+
+## 2.2.6
+
+### Patch Changes
+
+- @smithy/middleware-endpoint@3.0.5
+- @smithy/smithy-client@3.1.7
+- @smithy/middleware-retry@3.0.9
+
+## 2.2.5
+
+### Patch Changes
+
+- @smithy/smithy-client@3.1.6
+- @smithy/middleware-retry@3.0.8
+
 ## 2.2.4
 
 ### Patch Changes

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/core",
-  "version": "2.2.4",
+  "version": "2.3.2",
   "scripts": {
     "build": "yarn lint && concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types && yarn build:types:downlevel'",
     "build:cjs": "node ../../scripts/inline core",

packages/core/src/util-identity-and-auth/httpAuthSchemes/httpApiKeyAuth.ts

@@ -24,7 +24,7 @@ export class HttpApiKeyAuthSigner implements HttpSigner {
     if (!identity.apiKey) {
       throw new Error("request could not be signed with `apiKey` since the `apiKey` is not defined");
     }
-    const clonedRequest = httpRequest.clone();
+    const clonedRequest = HttpRequest.clone(httpRequest);
     if (signingProperties.in === HttpApiKeyAuthLocation.QUERY) {
       clonedRequest.query[signingProperties.name] = identity.apiKey;
     } else if (signingProperties.in === HttpApiKeyAuthLocation.HEADER) {

packages/core/src/util-identity-and-auth/httpAuthSchemes/httpBearerAuth.ts

@@ -11,7 +11,7 @@ export class HttpBearerAuthSigner implements HttpSigner {
     identity: TokenIdentity,
     signingProperties: Record<string, any>
   ): Promise<IHttpRequest> {
-    const clonedRequest = httpRequest.clone();
+    const clonedRequest = HttpRequest.clone(httpRequest);
     if (!identity.token) {
       throw new Error("request could not be signed with `token` since the `token` is not defined");
     }

packages/credential-provider-imds/CHANGELOG.md

@@ -1,5 +1,17 @@
 # Change Log
 
+## 3.2.0
+
+### Minor Changes
+
+- 3d72b04: sources accountId from IMDS
+
+## 3.1.4
+
+### Patch Changes
+
+- @smithy/node-config-provider@3.1.4
+
 ## 3.1.3
 
 ### Patch Changes

packages/credential-provider-imds/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/credential-provider-imds",
-  "version": "3.1.3",
+  "version": "3.2.0",
   "description": "AWS credential provider that sources credentials from the EC2 instance metadata service and ECS container metadata service",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",

packages/credential-provider-imds/src/remoteProvider/ImdsCredentials.spec.ts

@@ -7,11 +7,15 @@ const creds: ImdsCredentials = Object.freeze({
   SecretAccessKey: "bar",
   Token: "baz",
   Expiration: new Date().toISOString(),
+  AccountId: "123456789012",
 });
 
 describe("isImdsCredentials", () => {
   it("should accept valid ImdsCredentials objects", () => {
     expect(isImdsCredentials(creds)).toBe(true);
+    const { AccountId, ...credsWithoutAccountId } = creds;
+    expect(AccountId).toBe("123456789012");
+    expect(isImdsCredentials(credsWithoutAccountId)).toBe(true);
   });
 
   it("should reject credentials without an AccessKeyId", () => {
@@ -44,5 +48,22 @@ describe("fromImdsCredentials", () => {
     expect(converted.secretAccessKey).toEqual(creds.SecretAccessKey);
     expect(converted.sessionToken).toEqual(creds.Token);
     expect(converted.expiration).toEqual(new Date(creds.Expiration));
+    expect(converted.accountId).toEqual(creds.AccountId);
+  });
+
+  it("should convert IMDS credentials to a credentials object without accountId when it's not provided", () => {
+    const credsWithoutAccountId: ImdsCredentials = {
+      AccessKeyId: "foo",
+      SecretAccessKey: "bar",
+      Token: "baz",
+      Expiration: new Date().toISOString(),
+      // AccountId is omitted
+    };
+    const converted: AwsCredentialIdentity = fromImdsCredentials(credsWithoutAccountId);
+    expect(converted.accessKeyId).toEqual(credsWithoutAccountId.AccessKeyId);
+    expect(converted.secretAccessKey).toEqual(credsWithoutAccountId.SecretAccessKey);
+    expect(converted.sessionToken).toEqual(credsWithoutAccountId.Token);
+    expect(converted.expiration).toEqual(new Date(credsWithoutAccountId.Expiration));
+    expect(converted.accountId).toBeUndefined(); // Verify accountId is undefined
   });
 });

packages/credential-provider-imds/src/remoteProvider/ImdsCredentials.ts

@@ -8,6 +8,7 @@ export interface ImdsCredentials {
   SecretAccessKey: string;
   Token: string;
   Expiration: string;
+  AccountId?: string;
 }
 
 /**
@@ -29,4 +30,5 @@ export const fromImdsCredentials = (creds: ImdsCredentials): AwsCredentialIdenti
   secretAccessKey: creds.SecretAccessKey,
   sessionToken: creds.Token,
   expiration: new Date(creds.Expiration),
+  ...(creds.AccountId && { accountId: creds.AccountId }),
 });

packages/eventstream-serde-browser/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change Log
 
+## 3.0.5
+
+### Patch Changes
+
+- 1cfe243: avoid compilation of global ReadableStream with type parameter
+
 ## 3.0.4
 
 ### Patch Changes

packages/eventstream-serde-browser/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/eventstream-serde-browser",
-  "version": "3.0.4",
+  "version": "3.0.5",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types && yarn build:types:downlevel'",
     "build:cjs": "node ../../scripts/inline eventstream-serde-browser",

packages/eventstream-serde-browser/src/EventStreamMarshaller.ts

@@ -68,5 +68,11 @@ export class EventStreamMarshaller {
   }
 }
 
+/**
+ * @internal
+ * Warning: do not export this without aliasing the reference to
+ * global ReadableStream.
+ * @see https://github.com/smithy-lang/smithy-typescript/issues/1341.
+ */
 const isReadableStream = (body: any): body is ReadableStream =>
   typeof ReadableStream === "function" && body instanceof ReadableStream;

packages/experimental-identity-and-auth/CHANGELOG.md

@@ -1,5 +1,66 @@
 # Change Log
 
+## 0.3.16
+
+### Patch Changes
+
+- @smithy/middleware-retry@3.0.14
+
+## 0.3.15
+
+### Patch Changes
+
+- a40e1e9: set identity&auth SRA active by default
+
+## 0.3.14
+
+### Patch Changes
+
+- @smithy/middleware-retry@3.0.13
+
+## 0.3.13
+
+### Patch Changes
+
+- 86862ea: switch to static HttpRequest clone method
+- Updated dependencies [4a40961]
+- Updated dependencies [86862ea]
+  - @smithy/middleware-endpoint@3.1.0
+  - @smithy/protocol-http@4.1.0
+  - @smithy/signature-v4@4.1.0
+  - @smithy/middleware-retry@3.0.12
+  - @smithy/middleware-serde@3.0.3
+
+## 0.3.12
+
+### Patch Changes
+
+- @smithy/middleware-retry@3.0.11
+
+## 0.3.11
+
+### Patch Changes
+
+- Updated dependencies [796567d]
+- Updated dependencies [ae8bf5c]
+  - @smithy/protocol-http@4.0.4
+  - @smithy/signature-v4@4.0.0
+  - @smithy/middleware-retry@3.0.10
+  - @smithy/middleware-serde@3.0.3
+
+## 0.3.10
+
+### Patch Changes
+
+- @smithy/middleware-endpoint@3.0.5
+- @smithy/middleware-retry@3.0.9
+
+## 0.3.9
+
+### Patch Changes
+
+- @smithy/middleware-retry@3.0.8
+
 ## 0.3.8
 
 ### Patch Changes

packages/experimental-identity-and-auth/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/experimental-identity-and-auth",
-  "version": "0.3.8",
+  "version": "0.3.16",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types && yarn build:types:downlevel'",
     "build:cjs": "node ../../scripts/inline experimental-identity-and-auth",

packages/experimental-identity-and-auth/src/SigV4Signer.ts

@@ -13,7 +13,7 @@ export class SigV4Signer implements HttpSigner {
     identity: AwsCredentialIdentity,
     signingProperties: Record<string, any>
   ): Promise<IHttpRequest> {
-    const clonedRequest = httpRequest.clone();
+    const clonedRequest = HttpRequest.clone(httpRequest);
     const signer = new SignatureV4({
       applyChecksum: signingProperties.applyChecksum !== undefined ? signingProperties.applyChecksum : true,
       credentials: identity,

packages/experimental-identity-and-auth/src/httpApiKeyAuth.ts

@@ -35,7 +35,7 @@ export class HttpApiKeyAuthSigner implements HttpSigner {
     if (!identity.apiKey) {
       throw new Error("request could not be signed with `apiKey` since the `apiKey` is not defined");
     }
-    const clonedRequest = httpRequest.clone();
+    const clonedRequest = HttpRequest.clone(httpRequest);
     if (signingProperties.in === HttpApiKeyAuthLocation.QUERY) {
       clonedRequest.query[signingProperties.name] = identity.apiKey;
     } else if (signingProperties.in === HttpApiKeyAuthLocation.HEADER) {

packages/experimental-identity-and-auth/src/httpBearerAuth.ts

@@ -14,7 +14,7 @@ export class HttpBearerAuthSigner implements HttpSigner {
     identity: TokenIdentity,
     signingProperties: Record<string, any>
   ): Promise<IHttpRequest> {
-    const clonedRequest = httpRequest.clone();
+    const clonedRequest = HttpRequest.clone(httpRequest);
     if (!identity.token) {
       throw new Error("request could not be signed with `token` since the `token` is not defined");
     }

packages/experimental-identity-and-auth/src/integration/httpApiKeyAuth.integ.spec.ts

@@ -7,7 +7,7 @@ import {
 import { requireRequestsFrom } from "@smithy/util-test";
 
 describe("@httpApiKeyAuth integration tests", () => {
-  // TODO(experimentalIdentityAndAuth): should match `HttpApiKeyAuthService` `@httpApiKeyAuth` trait
+  // Match `HttpApiKeyAuthService` `@httpApiKeyAuth` trait
   const MOCK_API_KEY_NAME = "Authorization";
   const MOCK_API_KEY_SCHEME = "ApiKey";
   const MOCK_API_KEY = "APIKEY_123";

packages/fetch-http-handler/CHANGELOG.md

@@ -1,5 +1,31 @@
 # Change Log
 
+## 3.2.4
+
+### Patch Changes
+
+- 3ea4789: Initialize removeSignalEventListener as an empty function
+
+## 3.2.3
+
+### Patch Changes
+
+- Updated dependencies [86862ea]
+  - @smithy/protocol-http@4.1.0
+
+## 3.2.2
+
+### Patch Changes
+
+- Updated dependencies [796567d]
+  - @smithy/protocol-http@4.0.4
+
+## 3.2.1
+
+### Patch Changes
+
+- f31cc5f: remove abort signal event listeners after request completion
+
 ## 3.2.0
 
 ### Minor Changes

packages/fetch-http-handler/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@smithy/fetch-http-handler",
-  "version": "3.2.0",
+  "version": "3.2.4",
   "description": "Provides a way to make requests",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types && yarn build:types:downlevel'",