diff --git a/clients/client-sts/STSClient.ts b/clients/client-sts/STSClient.ts
index bb079b86a45e4..866706f2200f5 100644
--- a/clients/client-sts/STSClient.ts
+++ b/clients/client-sts/STSClient.ts
@@ -30,12 +30,7 @@ import {
 } from "@aws-sdk/middleware-host-header";
 import { getLoggerPlugin } from "@aws-sdk/middleware-logger";
 import { RetryInputConfig, RetryResolvedConfig, getRetryPlugin, resolveRetryConfig } from "@aws-sdk/middleware-retry";
-import {
- AwsAuthInputConfig,
- AwsAuthResolvedConfig,
- getAwsAuthPlugin,
- resolveAwsAuthConfig,
-} from "@aws-sdk/middleware-signing";
+import { AwsAuthInputConfig, AwsAuthResolvedConfig, resolveAwsAuthConfig } from "@aws-sdk/middleware-signing";
 import {
 UserAgentInputConfig,
 UserAgentResolvedConfig,
@@ -221,7 +216,6 @@ export class STSClient extends __Client<
 let _config_6 = resolveHostHeaderConfig(_config_5);
 super(_config_6);
 this.config = _config_6;
- this.middlewareStack.use(getAwsAuthPlugin(this.config));
 this.middlewareStack.use(getRetryPlugin(this.config));
 this.middlewareStack.use(getUserAgentPlugin(this.config));
 this.middlewareStack.use(getContentLengthPlugin(this.config));
diff --git a/clients/client-sts/commands/AssumeRoleCommand.ts b/clients/client-sts/commands/AssumeRoleCommand.ts
index c5d9bb8d937c1..4ab2412533b5e 100644
--- a/clients/client-sts/commands/AssumeRoleCommand.ts
+++ b/clients/client-sts/commands/AssumeRoleCommand.ts
@@ -2,6 +2,7 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "
 import { AssumeRoleRequest, AssumeRoleResponse } from "../models/models_0";
 import { deserializeAws_queryAssumeRoleCommand, serializeAws_queryAssumeRoleCommand } from "../protocols/Aws_query";
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 import {
@@ -151,6 +152,7 @@ export class AssumeRoleCommand extends $Command<
 options?: __HttpHandlerOptions
 ): Handler {
 this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+ this.middlewareStack.use(getAwsAuthPlugin(configuration));
 const stack = clientStack.concat(this.middlewareStack);
diff --git a/clients/client-sts/commands/DecodeAuthorizationMessageCommand.ts b/clients/client-sts/commands/DecodeAuthorizationMessageCommand.ts
index 9dc33c879d8c8..e61c1d04b866a 100644
--- a/clients/client-sts/commands/DecodeAuthorizationMessageCommand.ts
+++ b/clients/client-sts/commands/DecodeAuthorizationMessageCommand.ts
@@ -5,6 +5,7 @@ import {
 serializeAws_queryDecodeAuthorizationMessageCommand,
 } from "../protocols/Aws_query";
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 import {
@@ -81,6 +82,7 @@ export class DecodeAuthorizationMessageCommand extends $Command<
 options?: __HttpHandlerOptions
 ): Handler {
 this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+ this.middlewareStack.use(getAwsAuthPlugin(configuration));
 const stack = clientStack.concat(this.middlewareStack);
diff --git a/clients/client-sts/commands/GetAccessKeyInfoCommand.ts b/clients/client-sts/commands/GetAccessKeyInfoCommand.ts
index b283d390b77cd..8cdfd70484b03 100644
--- a/clients/client-sts/commands/GetAccessKeyInfoCommand.ts
+++ b/clients/client-sts/commands/GetAccessKeyInfoCommand.ts
@@ -5,6 +5,7 @@ import {
 serializeAws_queryGetAccessKeyInfoCommand,
 } from "../protocols/Aws_query";
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 import {
@@ -63,6 +64,7 @@ export class GetAccessKeyInfoCommand extends $Command<
 options?: __HttpHandlerOptions
 ): Handler {
 this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+ this.middlewareStack.use(getAwsAuthPlugin(configuration));
 const stack = clientStack.concat(this.middlewareStack);
diff --git a/clients/client-sts/commands/GetCallerIdentityCommand.ts b/clients/client-sts/commands/GetCallerIdentityCommand.ts
index e21d1e0359f4e..5b6a722debc1b 100644
--- a/clients/client-sts/commands/GetCallerIdentityCommand.ts
+++ b/clients/client-sts/commands/GetCallerIdentityCommand.ts
@@ -5,6 +5,7 @@ import {
 serializeAws_queryGetCallerIdentityCommand,
 } from "../protocols/Aws_query";
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 import {
@@ -55,6 +56,7 @@ export class GetCallerIdentityCommand extends $Command<
 options?: __HttpHandlerOptions
 ): Handler {
 this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+ this.middlewareStack.use(getAwsAuthPlugin(configuration));
 const stack = clientStack.concat(this.middlewareStack);
diff --git a/clients/client-sts/commands/GetFederationTokenCommand.ts b/clients/client-sts/commands/GetFederationTokenCommand.ts
index a37b7cfa8a593..ae5dd80b2ed91 100644
--- a/clients/client-sts/commands/GetFederationTokenCommand.ts
+++ b/clients/client-sts/commands/GetFederationTokenCommand.ts
@@ -5,6 +5,7 @@ import {
 serializeAws_queryGetFederationTokenCommand,
 } from "../protocols/Aws_query";
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 import {
@@ -124,6 +125,7 @@ export class GetFederationTokenCommand extends $Command<
 options?: __HttpHandlerOptions
 ): Handler {
 this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+ this.middlewareStack.use(getAwsAuthPlugin(configuration));
 const stack = clientStack.concat(this.middlewareStack);
diff --git a/clients/client-sts/commands/GetSessionTokenCommand.ts b/clients/client-sts/commands/GetSessionTokenCommand.ts
index 6b4c32e45166b..9697fbd917cb9 100644
--- a/clients/client-sts/commands/GetSessionTokenCommand.ts
+++ b/clients/client-sts/commands/GetSessionTokenCommand.ts
@@ -5,6 +5,7 @@ import {
 serializeAws_queryGetSessionTokenCommand,
 } from "../protocols/Aws_query";
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { getAwsAuthPlugin } from "@aws-sdk/middleware-signing";
 import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 import {
@@ -97,6 +98,7 @@ export class GetSessionTokenCommand extends $Command<
 options?: __HttpHandlerOptions
 ): Handler {
 this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+ this.middlewareStack.use(getAwsAuthPlugin(configuration));
 const stack = clientStack.concat(this.middlewareStack);
diff --git a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddBuiltinPlugins.java b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddBuiltinPlugins.java
index e75164def5e9a..94418f8038c6d 100644
--- a/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddBuiltinPlugins.java
+++ b/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddBuiltinPlugins.java
@@ -67,7 +67,10 @@ public List getClientPlugins() {
 .withConventions(AwsDependency.MIDDLEWARE_SIGNING.dependency, "AwsAuth", HAS_MIDDLEWARE)
 // See operationUsesAwsAuth() below for AwsAuth Middleware customizations.
 .servicePredicate(
- (m, s) -> !testServiceId(s, "Cognito Identity") && !hasOptionalAuthOperation(m, s)
+ (m, s) ->
+ !testServiceId(s, "Cognito Identity") &&
+ !testServiceId(s, "STS") &&
+ !hasOptionalAuthOperation(m, s)
 ).build(),
 RuntimeClientPlugin.builder()
 .withConventions(TypeScriptDependency.MIDDLEWARE_RETRY.dependency, "Retry")
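Review bot: The new `!testServiceId(s, "STS")` clause in the servicePredicate of AddBuiltinPlugins.java turns off client-level signing for STS, so each STS request is now signed only if operationUsesAwsAuth() returns true for its operation, and the comment above the predicate does not state that dependency. A service id added to this exclusion without a matching branch there would presumably be generated with no signing middleware at all; the fall-through of operationUsesAwsAuth() is outside this hunk, so that should be confirmed. I would extend the existing comment to something like `// Services excluded here are signed per operation; each needs a matching branch in operationUsesAwsAuth().`. The body of getClientPlugins() starts and ends outside the hunk.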
@@ -174,6 +177,16 @@ private static boolean operationUsesAwsAuth(Model model, ServiceShape service, O .contains(operation.getId().getName()); return !isUnsignedCommand; } + + // STS doesn't need auth for AssumeRoleWithWebIdentity, AssumeRoleWithSAML. + // Remove when optionalAuth model update is published in 0533102932. + if (testServiceId(service, "STS")) { + Boolean isUnsignedCommand = SetUtils + .of("AssumeRoleWithWebIdentity", "AssumeRoleWithSAML") + .contains(operation.getId().getName()); + return !isUnsignedCommand; + } + // optionalAuth trait doesn't require authentication. if (hasOptionalAuthOperation(model, service)) { return !operation.getTrait(OptionalAuthTrait.class).isPresent();
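Review bot: The removal note `Remove when optionalAuth model update is published in 0533102932` in the new STS branch of operationUsesAwsAuth() cites a bare number without saying what it identifies, so whoever later has to decide whether the hard-coded unsigned list can be dropped has nothing to follow. Name the tracker, e.g. `// Remove once the STS model marks these operations optionalAuth (see <tracking issue URL>).`. The branch also declares `Boolean isUnsignedCommand` where the primitive `boolean isUnsignedCommand` avoids boxing, although that appears to mirror the branch just above the hunk. Because this list decides which STS requests leave the client unsigned, a codegen test pinning that only AssumeRoleWithWebIdentity and AssumeRoleWithSAML skip the auth plugin would be worth adding; none is visible in this diff. The function body starts and ends outside the hunk.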