Add accountID endpoint builtin and accountID endpoint mode config #2479
Conversation
aws/accountid/account_id.go
Outdated
| @@ -0,0 +1,41 @@ | |||
| package accountid | |||
There was a problem hiding this comment.
We don't need a new package for this. It can go in the base aws package.
aws/accountid/mode/mode.go
Outdated
| @@ -0,0 +1,29 @@ | |||
| package mode | |||
There was a problem hiding this comment.
AccountIDEndpointMode. aid is fine for a development branch name but as a consumer-facing identifier we have to be clearer.
aws/accountid/mode/mode.go
Outdated
|
|
||
| // enums of valid AIDMode | ||
| const ( | ||
| Preferred AIDMode = "preferred" |
There was a problem hiding this comment.
It's idiomatic in go to prepend the variants of each enum value with the enum's name.
e.g. AccountIDEndpointModePreferred.
| @@ -25,10 +25,35 @@ | |||
| { | |||
| "id": "Service", | |||
| "namespace": "*" | |||
| }, | |||
There was a problem hiding this comment.
Remove all the model changes in the commit. They should only be present locally for testing purposes.
aws/accountid/mode/mode.go
Outdated
|
|
||
| // enums of valid AIDMode | ||
| const ( | ||
| Preferred AIDMode = "preferred" |
There was a problem hiding this comment.
We should have a none/unset sentinel i.e. AccountIDEndpointModeUnset (which is just the empty string).
aws/accountid/mode/mode.go
Outdated
| ) | ||
|
|
||
| // SetFromString converts config string to corresponding AIDMode or reports error if the value is not enumerated | ||
| func (mode *AIDMode) SetFromString(s string) error { |
There was a problem hiding this comment.
There's no real reason to expose this, since sourcing the value from config is an implementation detail for us, let's keep it that way.
| @@ -63,7 +64,13 @@ public void renderPreEndpointResolutionHook(GoSettings settings, GoWriter writer | |||
| if $T(ctx) { | |||
| return next.HandleFinalize(ctx, in) | |||
| } | |||
| """, SdkGoTypes.Aws.Middleware.GetRequiresLegacyEndpoints); | |||
| if err := $T(getIdentity(ctx), m.options.AccountIDEndpointMode); err != nil { | |||
There was a problem hiding this comment.
This doesn't really belong in this "legacy context" integration, it should have its own entity in codegen that generates it.
| .build(), | ||
| AwsConfigField.builder() | ||
| .name(SDK_AID_ENDPOINT_MODE) | ||
| .type(getAwsAccountIDModeSymbol("AIDMode")) |
There was a problem hiding this comment.
Add and use SdkGoTypes.Aws.AccountIDEndpointMode (once you've moved the enum there) instead.
service/dynamodb/endpoints.go
Outdated
| @@ -489,7 +490,7 @@ type endpointParamsBinder interface { | |||
| bindEndpointParams(*EndpointParameters) | |||
| } | |||
|
|
|||
| func bindEndpointParams(input interface{}, options Options) *EndpointParameters { | |||
| func bindEndpointParams(input interface{}, options Options, ctx context.Context) *EndpointParameters { | |||
There was a problem hiding this comment.
Shouldn't we be seeing the account ID binding getting generated here? Specifically somewhere from line 496 on?
There was a problem hiding this comment.
I regenerated the client using model without accountID builtin in my last commit. I will regenerate that using mocked model
05d0878 to
02e7fde
Compare
aws/accountid_endpoint_mode.go
Outdated
| @@ -0,0 +1,12 @@ | |||
| package aws | |||
|
|
|||
| // AccountIDEndpointMode switches on/off the account ID based endpoint routing | |||
There was a problem hiding this comment.
| // AccountIDEndpointMode switches on/off the account ID based endpoint routing | |
| // AccountIDEndpointMode controls how a resolved AWS account ID is handled for endpoint routing. |
aws/accountid_endpoint_mode.go
Outdated
| // enums of valid AccountIDEndpointMode | ||
| const ( | ||
| AccountIDEndpointModeUnset AccountIDEndpointMode = "" | ||
| AccountIDEndpointModePreferred AccountIDEndpointMode = "preferred" |
There was a problem hiding this comment.
[nonblocking] You can leave the type declaration off of everything but the first line, the compiler figures it out
e.g.
type Foo = string
const (
Foo1 Foo = "1"
Foo2 = "2" // is implicitly type Foo as is everything after it
)
aws/config.go
Outdated
| // AccountIDEndpointMode indicates how aws account ID is applied in endpoint2.0 routing. | ||
| // Will be set to preferred by default. Supported modes are: Preferred, Required and Disabled |
There was a problem hiding this comment.
| // AccountIDEndpointMode indicates how aws account ID is applied in endpoint2.0 routing. | |
| // Will be set to preferred by default. Supported modes are: Preferred, Required and Disabled | |
| // Controls how a resolved AWS account ID is handled for endpoint routing. |
aws/accountid_endpoint_mode.go
Outdated
| // AccountIDEndpointMode switches on/off the account ID based endpoint routing | ||
| type AccountIDEndpointMode string | ||
|
|
||
| // enums of valid AccountIDEndpointMode |
There was a problem hiding this comment.
Rather than having the comment on the declaration block, give each one a comment explaining what it does.
| @@ -81,6 +81,8 @@ public class AddAwsConfigFields implements GoIntegration { | |||
|
|
|||
| private static final String REQUEST_MIN_COMPRESSION_SIZE_BYTES = "RequestMinCompressSizeBytes"; | |||
|
|
|||
| private static final String SDK_AID_ENDPOINT_MODE = "AccountIDEndpointMode"; | |||
There was a problem hiding this comment.
[nonblocking] We'd rather see this spelled out SDK_ACCOUNTID_ENDPOINT_MODE but it's not a huge deal.
|
|
||
| public class AccountIDEndpointRouting implements GoIntegration { | ||
| @Override | ||
| public void renderPreEndpointResolutionHook(GoSettings settings, GoWriter writer, Model model) { |
There was a problem hiding this comment.
We should make sure this happens after the early return that's triggered when we detect they're using v1 endpoint resolution. You may need to fiddle with the integration order to accomplish that.
| return; | ||
| } | ||
| goDelegator.useShapeWriter(settings.getService(model), goTemplate(""" | ||
| func accountID(identity $auth:T, mode $accountIDEndpointMode:T) *string { |
There was a problem hiding this comment.
A few things here
- the name here is too broad, this is likely to collide with random identifiers we generate in the package. I'd call it
resolveAccountID,bindAccountID, etc. - you're adding the builtin that calls this in a different location than where it's defined. We should move the
accountIDfunction you have here to be generated in the builtins integration instead. (checkAccountID is used here and can stay in this integration)
| } | ||
| goDelegator.useShapeWriter(settings.getService(model), goTemplate(""" | ||
| func accountID(identity $auth:T, mode $accountIDEndpointMode:T) *string { | ||
| if ca, ok := identity.(*$credentialsAdapter:T); ok && (mode == $aidModePreferred:T || mode == $aidModeRequired:T) { |
There was a problem hiding this comment.
Instead of checking all the modes where it's on, I'd just check the one mode where it's off (disabled) and return early
aws/accountid_endpoint_mode.go
Outdated
| // AccountIDEndpointModeUnset indicates the AWS account ID will not be used for endpoint routing | ||
| AccountIDEndpointModeUnset AccountIDEndpointMode = "" | ||
|
|
||
| // AccountIDEndpointModePreferred indicates the AWS account ID will be used for endpoint routing if offered |
There was a problem hiding this comment.
| // AccountIDEndpointModePreferred indicates the AWS account ID will be used for endpoint routing if offered | |
| // AccountIDEndpointModePreferred indicates the AWS account ID will be used for endpoint routing if present |
| return $errorf:T("the accountID is configured to be required, but the " + | ||
| "identity provider could not be converted to a valid credentials adapter " + | ||
| "and provide an accountID, should switch to a valid credentials provider " + | ||
| "or change to another account id endpoint mode") |
There was a problem hiding this comment.
We don't have to specific about the type assertion failing in this path - we can just say an accountID wasn't found.
| return $errorf:T("the accountID is configured to be required, but the " + | |
| "identity provider could not be converted to a valid credentials adapter " + | |
| "and provide an accountID, should switch to a valid credentials provider " + | |
| "or change to another account id endpoint mode") | |
| return $errorf:T("accountID is required but not set") |
(use this value in the next branch as well)
| } | ||
| goDelegator.useShapeWriter(settings.getService(model), goTemplate(""" | ||
| func resolveAccountID(identity $auth:T, mode $accountIDEndpointMode:T) *string { | ||
| if mode == $aidModeDisabled:T || mode == $aidModeUnset:T { |
There was a problem hiding this comment.
An unset value is supposed to imply preferred, according to the spec:
preferred, or no value - Default behavior
So this should only check for disabled
Merge accountID into endpoint rules codegen as an endpoint param builtin retrieved from credentials, add accountIDEndpoint mode config to opt in/out accountID based endpoint routing