Multi auth request level resolution

Author: sbaluja

src/aws-cpp-sdk-core/include/aws/core/AmazonWebServiceRequest.h

@@ -19,6 +19,7 @@
 #include <aws/core/utils/memory/stl/AWSString.h>
 #include <aws/core/utils/stream/ResponseStream.h>
 #include <aws/core/endpoint/internal/AWSEndpointAttribute.h>
+#include <smithy/identity/auth/AuthSchemeOption.h>
 
 namespace Aws
 {
@@ -231,6 +232,8 @@ namespace Aws
         RetryContext GetRetryContext() const { return m_retryContext; }
 
         void SetRetryContext(const RetryContext& context) const { m_retryContext = context; }
+
+        virtual Aws::Vector<smithy::AuthSchemeOption> GetRequestSpecificSupportedAuth() const { return {}; }
     protected:
         /**
          * Default does nothing. Override this to convert what would otherwise be the payload of the

src/aws-cpp-sdk-core/include/aws/core/auth/AWSAuthSigner.h

@@ -12,4 +12,7 @@
 #include <aws/core/auth/signer/AWSAuthEventStreamV4Signer.h>
 #include <aws/core/auth/signer/AWSNullSigner.h>
 
+#include <smithy/identity/auth/built-in/NoAuthScheme.h>
+#include <smithy/identity/auth/built-in/NoAuthSchemeOption.h>
+
 // This is a header that represents old legacy all-in-one header to maintain backward compatibility

src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClient.h

@@ -188,7 +188,7 @@ namespace client
                 }
             }
 
-            Aws::Vector<AuthSchemeOption> authSchemeOptions = m_authSchemeResolver->resolveAuthScheme(identityParams);
+            Aws::Vector<AuthSchemeOption> authSchemeOptions = ctx.m_authResolver == nullptr ? m_authSchemeResolver->resolveAuthScheme(identityParams) : ctx.m_authResolver->resolveAuthScheme(identityParams);
 
             auto authSchemeOptionIt = std::find_if(authSchemeOptions.begin(), authSchemeOptions.end(),
                                                    [this](const AuthSchemeOption& opt)
@@ -352,15 +352,18 @@ namespace client
 
         GetContextEndpointParametersOutcome GetContextEndpointParametersImpl(const AwsSmithyClientAsyncRequestContext& ctx) const {
           Aws::Vector<Aws::Endpoint::EndpointParameter> endpointParameters;
-          const auto resolvedAccountId = ctx.m_awsIdentity->accountId();
-          const auto resolvedNonEmptyAccountId = resolvedAccountId.has_value() && !resolvedAccountId.value().empty();
-          // Set user agent if account ID was resolved in identity provider
-          if (resolvedNonEmptyAccountId) {
-            ctx.m_pRequest->AddUserAgentFeature(Aws::Client::UserAgentFeature::RESOLVED_ACCOUNT_ID);
-          }
-          // Only set EP param if client configuration does not have a configured account ID and we resolved a account id
-          if (resolvedNonEmptyAccountId && m_clientConfiguration.accountId.empty()) {
-            endpointParameters.emplace_back("AccountId", resolvedAccountId.value(), Aws::Endpoint::EndpointParameter::ParameterOrigin::OPERATION_CONTEXT);
+          //nullptr indicates we're using noAuth and therefore there is no identity
+          if (ctx.m_awsIdentity != nullptr) {
+            const auto resolvedAccountId = ctx.m_awsIdentity->accountId();
+            const auto resolvedNonEmptyAccountId = resolvedAccountId.has_value() && !resolvedAccountId.value().empty();
+            // Set user agent if account ID was resolved in identity provider
+            if (resolvedNonEmptyAccountId) {
+              ctx.m_pRequest->AddUserAgentFeature(Aws::Client::UserAgentFeature::RESOLVED_ACCOUNT_ID);
+            }
+            // Only set EP param if client configuration does not have a configured account ID and we resolved a account id
+            if (resolvedNonEmptyAccountId && m_clientConfiguration.accountId.empty()) {
+              endpointParameters.emplace_back("AccountId", resolvedAccountId.value(), Aws::Endpoint::EndpointParameter::ParameterOrigin::OPERATION_CONTEXT);
+            }
           }
           return endpointParameters;
         }

src/aws-cpp-sdk-core/include/smithy/client/AwsSmithyClientAsyncRequestContext.h

@@ -12,6 +12,7 @@
 #include <smithy/Smithy_EXPORTS.h>
 #include <smithy/identity/auth/AuthSchemeOption.h>
 #include <smithy/interceptor/InterceptorContext.h>
+#include <smithy/identity/auth/AuthSchemeResolverBase.h>
 
 namespace smithy
 {
@@ -71,18 +72,21 @@ namespace smithy
             std::shared_ptr<Aws::Utils::Threading::Executor> m_pExecutor;
             std::shared_ptr<interceptor::InterceptorContext> m_interceptorContext;
             std::shared_ptr<smithy::AwsIdentity> m_awsIdentity;
+            std::shared_ptr<smithy::AuthSchemeResolverBase<>> m_authResolver;
 
             AwsSmithyClientAsyncRequestContext() = default;
 
             AwsSmithyClientAsyncRequestContext(
                 Aws::AmazonWebServiceRequest const * const request,
                 const char* requestName,
-                std::shared_ptr<Aws::Utils::Threading::Executor> pExecutor):
+                std::shared_ptr<Aws::Utils::Threading::Executor> pExecutor,
+                std::shared_ptr<smithy::AuthSchemeResolverBase<>> authResolver):
                 m_invocationId{Aws::Utils::UUID::PseudoRandomUUID()},
                 m_pRequest{request},
                 m_requestName{requestName ? requestName : m_pRequest ?  m_pRequest->GetServiceRequestName() : ""},
                 m_retryCount{0},
-                m_pExecutor{pExecutor}
+                m_pExecutor{pExecutor},
+                m_authResolver{authResolver}
             {
 
             }

src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/BearerTokenAuthSchemeOption.h

@@ -12,6 +12,6 @@ struct BearerTokenAuthSchemeOption
     static AuthSchemeOption bearerTokenAuthSchemeOption;
 };
 
-AuthSchemeOption BearerTokenAuthSchemeOption::bearerTokenAuthSchemeOption =
+inline AuthSchemeOption BearerTokenAuthSchemeOption::bearerTokenAuthSchemeOption =
     AuthSchemeOption("smithy.api#HTTPBearerAuth");
 } // namespace smithy

src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/NoAuthScheme.h

@@ -0,0 +1,76 @@
+/**
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#pragma once
+
+#include <smithy/identity/auth/AuthScheme.h>
+#include <smithy/identity/auth/built-in/NoAuthSchemeOption.h>
+
+#include <smithy/identity/identity/AwsCredentialIdentityBase.h>
+#include <smithy/identity/signer/built-in/NoAuthSigner.h>
+
+namespace smithy {
+    constexpr char NOAUTH[] = "smithy.api#noAuth";
+
+    class NoAuthScheme : public AuthScheme<AwsCredentialIdentityBase>
+    {
+    public:
+        using AwsCredentialIdentityResolverT = IdentityResolverBase<IdentityT>;
+        using AwsCredentialSignerT = AwsSignerBase<IdentityT>;
+
+        explicit NoAuthScheme()
+            : AuthScheme(NOAUTH),
+            m_signer{Aws::MakeShared<AwsNoAuthSigner>("NoAuthScheme")}
+        {
+            assert(m_signer);
+        }
+
+        explicit NoAuthScheme(std::shared_ptr<AwsCredentialIdentityResolverT> identityResolver,
+                                    const Aws::String& serviceName,
+                                    const Aws::String& region)
+              : AuthScheme(NOAUTH),
+              m_signer{Aws::MakeShared<AwsNoAuthSigner>("NoAuthScheme")}
+          {
+            AWS_UNREFERENCED_PARAM(identityResolver);
+            AWS_UNREFERENCED_PARAM(serviceName);
+            AWS_UNREFERENCED_PARAM(region);
+            assert(m_signer);
+          }
+
+        explicit NoAuthScheme(const Aws::String& serviceName,
+                                  const Aws::String& region)
+            : NoAuthScheme(nullptr, serviceName, region)
+        {
+          assert(m_signer);
+        }
+
+        //legacy constructors
+        explicit NoAuthScheme(std::shared_ptr<AwsCredentialIdentityResolverT> identityResolver, const Aws::String& serviceName, const Aws::String& region, Aws::Client::AWSAuthV4Signer::PayloadSigningPolicy policy, bool urlEscape)
+            :  AuthScheme(NOAUTH),
+            m_signer{Aws::MakeShared<AwsNoAuthSigner>("NoAuthScheme")}
+        {
+          AWS_UNREFERENCED_PARAM(identityResolver);
+          AWS_UNREFERENCED_PARAM(serviceName);
+          AWS_UNREFERENCED_PARAM(region);
+          AWS_UNREFERENCED_PARAM(policy);
+          AWS_UNREFERENCED_PARAM(urlEscape);
+          assert(m_signer);
+        }
+
+        virtual ~NoAuthScheme() = default;
+
+        std::shared_ptr<AwsCredentialIdentityResolverT> identityResolver() override
+        {
+            return nullptr;
+        }
+
+        std::shared_ptr<AwsCredentialSignerT> signer() override
+        {
+            return m_signer;
+        }
+
+    protected:
+        std::shared_ptr<AwsCredentialSignerT> m_signer;
+    };
+}

src/aws-cpp-sdk-core/include/smithy/identity/auth/built-in/NoAuthSchemeOption.h

@@ -0,0 +1,15 @@
+/**
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#pragma once
+
+#include <smithy/Smithy_EXPORTS.h>
+#include <smithy/identity/auth/AuthSchemeOption.h>
+
+namespace smithy {
+    struct NoAuthSchemeOption
+    {
+        static SMITHY_API AuthSchemeOption noAuthSchemeOption;
+    };
+}

src/aws-cpp-sdk-core/include/smithy/identity/identity/impl/AwsBearerTokenIdentityImpl.h

@@ -8,9 +8,9 @@
 #include <smithy/identity/identity/AwsBearerTokenIdentity.h>
 
 namespace smithy {
-const Aws::String &AwsBearerTokenIdentity::token() const { return m_token; }
+inline const Aws::String &AwsBearerTokenIdentity::token() const { return m_token; }
 
-Aws::Crt::Optional<AwsIdentity::DateTime>
+inline Aws::Crt::Optional<AwsIdentity::DateTime>
 AwsBearerTokenIdentity::expiration() const
 {
     return m_expiration;

src/aws-cpp-sdk-core/include/smithy/identity/resolver/AwsBearerTokenIdentityResolver.h

@@ -104,7 +104,7 @@ class DefaultAwsBearerTokenIdentityResolver
         : AwsBearerTokenIdentityResolver(Aws::Vector<std::shared_ptr<Aws::Auth::AWSBearerTokenProviderBase>>{
               Aws::MakeShared<Aws::Auth::SSOBearerTokenProvider>("SSOBearerTokenProvider")}){};
 };
-const char
+inline const char
     AwsBearerTokenIdentityResolver::BEARER_TOKEN_PROVIDER_CHAIN_LOG_TAG[] =
         "BearerTokenProvider";
 

src/aws-cpp-sdk-core/include/smithy/identity/signer/built-in/BearerTokenSigner.h

@@ -71,5 +71,5 @@ class BearerTokenSigner : public AwsSignerBase<AwsBearerTokenIdentityBase>
     Aws::String m_region;
 };
 
-const char BearerTokenSigner::LOGGING_TAG[] = "BearerTokenSigner";
+inline const char BearerTokenSigner::LOGGING_TAG[] = "BearerTokenSigner";
 } // namespace smithy