add auth and http/auth types for SRA auth

.github/workflows/go.yml

@@ -24,22 +24,3 @@ jobs:
 
     - name: Test
       run: go test -v ./...
-
-  deprecated-unit-tests:
-    needs: unit-tests
-    name: Deprecated Go version SDK Unit Tests
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
-        go-version: [1.15, 1.16, 1.17, 1.18]
-    steps:
-    - uses: actions/checkout@v2
-
-    - name: Set up Go
-      uses: actions/setup-go@v2
-      with:
-        go-version: ${{ matrix.go-version }}
-
-    - name: Test
-      run: go test -v ./...

auth/auth.go

@@ -0,0 +1,12 @@
+// Package auth defines protocol-agnostic authentication types for smithy
+// clients.
+package auth
+
+import "github.com/aws/smithy-go"
+
+// Option represents a possible authentication method for an operation.
+type Option struct {
+	SchemeID           string
+	IdentityProperties *smithy.Properties
+	SignerProperties   *smithy.Properties
+}

auth/identity.go

@@ -0,0 +1,26 @@
+package auth
+
+import (
+	"context"
+	"time"
+
+	"github.com/aws/smithy-go"
+)
+
+// Identity contains information that identifies who the user making the
+// request is.
+type Identity interface {
+	Expiration() time.Time
+}
+
+// IdentityResolver defines the interface through which an Identity is
+// retrieved.
+type IdentityResolver interface {
+	GetIdentity(ctx context.Context, params *smithy.Properties) (Identity, error)
+}
+
+// IdentityResolverOptions defines the interface through which an entity can be
+// queried to retrieve an IdentityResolver for a given auth scheme.
+type IdentityResolverOptions interface {
+	GetIdentityResolver(schemeID string) IdentityResolver
+}

transport/http/auth.go

@@ -0,0 +1,22 @@
+package http
+
+import (
+	"context"
+	"net/http"
+
+	smithy "github.com/aws/smithy-go"
+	"github.com/aws/smithy-go/auth"
+)
+
+// AuthScheme defines an HTTP authentication scheme.
+type AuthScheme interface {
+	SchemeID() string
+	IdentityResolver(auth.IdentityResolverOptions) auth.IdentityResolver
+	Signer() Signer
+}
+
+// Signer defines the interface through which HTTP requests are supplemented
+// with an Identity.
+type Signer interface {
+	SignRequest(context.Context, *http.Request, auth.Identity, *smithy.Properties) error
+}

transport/http/auth_schemes.go

@@ -0,0 +1,50 @@
+package http
+
+import (
+	"github.com/aws/smithy-go/auth"
+)
+
+// NewSigV4Scheme returns a SigV4 auth scheme that uses the given Signer.
+func NewSigV4Scheme(signer Signer) AuthScheme {
+	return &authScheme{
+		schemeID: "aws.auth#sigv4",
+		signer:   signer,
+	}
+}
+
+// NewSigV4AScheme returns a SigV4A auth scheme that uses the given Signer.
+func NewSigV4AScheme(signer Signer) AuthScheme {
+	return &authScheme{
+		schemeID: "aws.auth#sigv4a",
+		signer:   signer,
+	}
+}
+
+// NewBearerScheme returns an HTTP bearer auth scheme that uses the given Signer.
+func NewBearerScheme(signer Signer) AuthScheme {
+	return &authScheme{
+		schemeID: "aws.auth#httpBearerAuth",
+		signer:   signer,
+	}
+}
+
+// authScheme is parameterized to generically implement the exported AuthScheme
+// interface
+type authScheme struct {
+	schemeID string
+	signer   Signer
+}
+
+var _ (AuthScheme) = (*authScheme)(nil)
+
+func (s *authScheme) SchemeID() string {
+	return s.schemeID
+}
+
+func (s *authScheme) IdentityResolver(o auth.IdentityResolverOptions) auth.IdentityResolver {
+	return o.GetIdentityResolver(s.schemeID)
+}
+
+func (s *authScheme) Signer() Signer {
+	return s.signer
+}

transport/http/properties.go

@@ -0,0 +1,66 @@
+package http
+
+import smithy "github.com/aws/smithy-go"
+
+var (
+	sigV4SigningNameKey       struct{}
+	sigV4SigningRegionKey     struct{}
+	sigV4IsUnsignedPayloadKey struct{}
+	sigV4ASigningNameKey      struct{}
+	sigV4ASigningRegionsKey   struct{}
+)
+
+// GetSigV4SigningName gets the signing name from Properties.
+func GetSigV4SigningName(p *smithy.Properties) (string, bool) {
+	v, ok := p.Get(sigV4SigningNameKey).(string)
+	return v, ok
+}
+
+// SetSigV4SigningName sets the signing name on Properties.
+func SetSigV4SigningName(p *smithy.Properties, name string) {
+	p.Set(sigV4SigningNameKey, name)
+}
+
+// GetSigV4SigningRegion gets the signing region from Properties.
+func GetSigV4SigningRegion(p *smithy.Properties) (string, bool) {
+	v, ok := p.Get(sigV4SigningRegionKey).(string)
+	return v, ok
+}
+
+// SetSigV4SigningRegion sets the signing region on Properties.
+func SetSigV4SigningRegion(p *smithy.Properties, region string) {
+	p.Set(sigV4SigningRegionKey, region)
+}
+
+// GetSigV4IsUnsignedPayload gets whether the payload is unsigned from Properties.
+func GetSigV4IsUnsignedPayload(p *smithy.Properties) (bool, bool) {
+	v, ok := p.Get(sigV4IsUnsignedPayloadKey).(bool)
+	return v, ok
+}
+
+// SetSigV4IsUnsignedPayload sets whether the payload is unsigned on Properties.
+func SetSigV4IsUnsignedPayload(p *smithy.Properties, isUnsignedPayload bool) {
+	p.Set(sigV4IsUnsignedPayloadKey, isUnsignedPayload)
+}
+
+// GetSigV4ASigningName gets the v4a signing name from Properties.
+func GetSigV4ASigningName(p *smithy.Properties) (string, bool) {
+	v, ok := p.Get(sigV4ASigningNameKey).(string)
+	return v, ok
+}
+
+// SetSigV4ASigningName sets the signing name on Properties.
+func SetSigV4ASigningName(p *smithy.Properties, name string) {
+	p.Set(sigV4ASigningNameKey, name)
+}
+
+// GetSigV4ASigningRegion gets the v4a signing region set from Properties.
+func GetSigV4ASigningRegions(p *smithy.Properties) ([]string, bool) {
+	v, ok := p.Get(sigV4ASigningRegionsKey).([]string)
+	return v, ok
+}
+
+// SetSigV4ASigningRegion sets the v4a signing region set on Properties.
+func SetSigV4ASigningRegion(p *smithy.Properties, regions []string) {
+	p.Set(sigV4ASigningRegionsKey, regions)
+}