Moved internal auth classes to internal package.

Author: millems

auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.java

@@ -28,6 +28,8 @@
 import java.util.Set;
 import software.amazon.awssdk.annotations.SdkPublicApi;
 import software.amazon.awssdk.annotations.SdkTestInternalApi;
+import software.amazon.awssdk.auth.credentials.internal.ContainerCredentialsRetryPolicy;
+import software.amazon.awssdk.auth.credentials.internal.HttpCredentialsProvider;
 import software.amazon.awssdk.core.SdkSystemSetting;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.regions.internal.util.ResourcesEndpointProvider;

auth/src/main/java/software/amazon/awssdk/auth/util/CredentialUtils.java renamed to auth/src/main/java/software/amazon/awssdk/auth/credentials/CredentialUtils.java

@@ -13,10 +13,9 @@
  * permissions and limitations under the License.
  */
 
-package software.amazon.awssdk.auth.util;
+package software.amazon.awssdk.auth.credentials;
 
 import software.amazon.awssdk.annotations.SdkProtectedApi;
-import software.amazon.awssdk.auth.credentials.AwsCredentials;
 
 @SdkProtectedApi
 public final class CredentialUtils {

auth/src/main/java/software/amazon/awssdk/auth/credentials/EnvironmentVariableCredentialsProvider.java

@@ -17,6 +17,7 @@
 
 import java.util.Optional;
 import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.auth.credentials.internal.SystemSettingsCredentialsProvider;
 import software.amazon.awssdk.utils.SystemSetting;
 import software.amazon.awssdk.utils.ToString;
 

auth/src/main/java/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.java

@@ -18,6 +18,7 @@
 import java.io.IOException;
 import java.net.URI;
 import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.auth.credentials.internal.HttpCredentialsProvider;
 import software.amazon.awssdk.core.SdkSystemSetting;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.regions.internal.util.HttpResourcesUtils;

auth/src/main/java/software/amazon/awssdk/auth/credentials/SystemPropertyCredentialsProvider.java

@@ -17,6 +17,7 @@
 
 import java.util.Optional;
 import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.auth.credentials.internal.SystemSettingsCredentialsProvider;
 import software.amazon.awssdk.utils.SystemSetting;
 import software.amazon.awssdk.utils.ToString;
 

auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsRetryPolicy.java renamed to auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/ContainerCredentialsRetryPolicy.java

@@ -13,7 +13,7 @@
  * permissions and limitations under the License.
  */
 
-package software.amazon.awssdk.auth.credentials;
+package software.amazon.awssdk.auth.credentials.internal;
 
 import java.io.IOException;
 import software.amazon.awssdk.annotations.SdkInternalApi;
@@ -22,7 +22,7 @@
 import software.amazon.awssdk.regions.internal.util.ResourcesEndpointRetryPolicy;
 
 @SdkInternalApi
-final class ContainerCredentialsRetryPolicy implements ResourcesEndpointRetryPolicy {
+public final class ContainerCredentialsRetryPolicy implements ResourcesEndpointRetryPolicy {
 
     /** Max number of times a request is retried before failing. */
     private static final int MAX_RETRIES = 5;

auth/src/main/java/software/amazon/awssdk/auth/credentials/HttpCredentialsProvider.java renamed to auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/HttpCredentialsProvider.java

@@ -13,7 +13,7 @@
  * permissions and limitations under the License.
  */
 
-package software.amazon.awssdk.auth.credentials;
+package software.amazon.awssdk.auth.credentials.internal;
 
 import com.fasterxml.jackson.databind.JsonMappingException;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -22,6 +22,10 @@
 import java.time.Instant;
 import java.util.Optional;
 import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.util.ComparableUtils;
 import software.amazon.awssdk.core.util.DateUtils;
@@ -39,10 +43,10 @@
  * a container (e.g. an EC2 instance).
  */
 @SdkInternalApi
-abstract class HttpCredentialsProvider implements AwsCredentialsProvider, SdkAutoCloseable {
+public abstract class HttpCredentialsProvider implements AwsCredentialsProvider, SdkAutoCloseable {
     private final Optional<CachedSupplier<AwsCredentials>> credentialsCache;
 
-    HttpCredentialsProvider(Builder<?, ?> builder) {
+    protected HttpCredentialsProvider(Builder<?, ?> builder) {
         this(builder.asyncCredentialUpdateEnabled, builder.asyncThreadName);
     }
 
@@ -83,7 +87,7 @@ private RefreshResult<AwsCredentials> refreshCredentials() {
             Validate.notNull(secretKey, "Failed to load secret key.");
 
             AwsCredentials credentials =
-                token == null ? new AwsCredentials(accessKey.asText(), secretKey.asText())
+                token == null ? AwsCredentials.create(accessKey.asText(), secretKey.asText())
                               : AwsSessionCredentials.create(accessKey.asText(), secretKey.asText(), token.asText());
 
             Instant expiration = getExpiration(expirationNode).orElse(null);

auth/src/main/java/software/amazon/awssdk/auth/credentials/SystemSettingsCredentialsProvider.java renamed to auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/SystemSettingsCredentialsProvider.java

@@ -13,12 +13,17 @@
  * permissions and limitations under the License.
  */
 
-package software.amazon.awssdk.auth.credentials;
+package software.amazon.awssdk.auth.credentials.internal;
 
 import static software.amazon.awssdk.utils.StringUtils.trim;
 
 import java.util.Optional;
 import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.auth.credentials.AwsCredentials;
+import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+import software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider;
+import software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider;
 import software.amazon.awssdk.core.SdkSystemSetting;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.utils.StringUtils;
@@ -36,7 +41,7 @@
  * @see SystemPropertyCredentialsProvider
  */
 @SdkInternalApi
-abstract class SystemSettingsCredentialsProvider implements AwsCredentialsProvider {
+public abstract class SystemSettingsCredentialsProvider implements AwsCredentialsProvider {
     @Override
     public AwsCredentials getCredentials() {
         String accessKey = trim(loadSetting(SdkSystemSetting.AWS_ACCESS_KEY_ID).orElse(null));

auth/src/main/java/software/amazon/awssdk/auth/signer/AbstractAws4Signer.java

@@ -30,7 +30,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.annotations.SdkProtectedApi;
-import software.amazon.awssdk.auth.AwsExecutionAttribute;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
 import software.amazon.awssdk.auth.signer.internal.AbstractAwsSigner;
@@ -409,20 +408,20 @@ private byte[] newSigningKey(AwsCredentials credentials,
     protected <B extends Aws4PresignerParams.Builder> B extractPresignerParams(B builder,
                                                                                ExecutionAttributes executionAttributes) {
         builder = extractSignerParams(builder, executionAttributes);
-        builder.expirationTime(executionAttributes.getAttribute(AwsExecutionAttribute.PRESIGNER_EXPIRATION));
+        builder.expirationTime(executionAttributes.getAttribute(AwsSignerExecutionAttribute.PRESIGNER_EXPIRATION));
 
         return builder;
     }
 
     protected <B extends Aws4SignerParams.Builder> B extractSignerParams(B paramsBuilder,
                                                                          ExecutionAttributes executionAttributes) {
-        paramsBuilder.awsCredentials(executionAttributes.getAttribute(AwsExecutionAttribute.AWS_CREDENTIALS))
-                     .signingName(executionAttributes.getAttribute(AwsExecutionAttribute.SERVICE_SIGNING_NAME))
-                     .signingRegion(executionAttributes.getAttribute(AwsExecutionAttribute.SIGNING_REGION))
-                     .timeOffset(executionAttributes.getAttribute(AwsExecutionAttribute.TIME_OFFSET));
+        paramsBuilder.awsCredentials(executionAttributes.getAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS))
+                     .signingName(executionAttributes.getAttribute(AwsSignerExecutionAttribute.SERVICE_SIGNING_NAME))
+                     .signingRegion(executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNING_REGION))
+                     .timeOffset(executionAttributes.getAttribute(AwsSignerExecutionAttribute.TIME_OFFSET));
 
-        if (executionAttributes.getAttribute(AwsExecutionAttribute.SIGNER_DOUBLE_URL_ENCODE) != null) {
-            paramsBuilder.doubleUrlEncode(executionAttributes.getAttribute(AwsExecutionAttribute.SIGNER_DOUBLE_URL_ENCODE));
+        if (executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNER_DOUBLE_URL_ENCODE) != null) {
+            paramsBuilder.doubleUrlEncode(executionAttributes.getAttribute(AwsSignerExecutionAttribute.SIGNER_DOUBLE_URL_ENCODE));
         }
 
         return paramsBuilder;

auth/src/main/java/software/amazon/awssdk/auth/signer/Aws4Signer.java

@@ -16,10 +16,10 @@
 package software.amazon.awssdk.auth.signer;
 
 import software.amazon.awssdk.annotations.SdkPublicApi;
+import software.amazon.awssdk.auth.credentials.CredentialUtils;
 import software.amazon.awssdk.auth.signer.internal.Aws4SignerRequestParams;
 import software.amazon.awssdk.auth.signer.params.Aws4PresignerParams;
 import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
-import software.amazon.awssdk.auth.util.CredentialUtils;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
 

auth/src/main/java/software/amazon/awssdk/auth/AwsExecutionAttribute.java renamed to auth/src/main/java/software/amazon/awssdk/auth/signer/AwsSignerExecutionAttribute.java

@@ -13,7 +13,7 @@
  * permissions and limitations under the License.
  */
 
-package software.amazon.awssdk.auth;
+package software.amazon.awssdk.auth.signer;
 
 import java.time.Instant;
 import software.amazon.awssdk.annotations.ReviewBeforeRelease;
@@ -26,27 +26,21 @@
 import software.amazon.awssdk.regions.Region;
 
 /**
- * AWS-specific attributes attached to the execution. This information is available to {@link ExecutionInterceptor}s and
+ * AWS-specific signing attributes attached to the execution. This information is available to {@link ExecutionInterceptor}s and
  * {@link Signer}s.
  */
 @ReviewBeforeRelease("We should also consider making some of the SDK/AWS-owned set of attributes part of the immutable context"
                      + "if we don't want the interceptors to modify them.")
 @SdkProtectedApi
-public final class AwsExecutionAttribute extends SdkExecutionAttribute {
+public final class AwsSignerExecutionAttribute extends SdkExecutionAttribute {
     /**
      * The key under which the request credentials are set.
      */
     public static final ExecutionAttribute<AwsCredentials> AWS_CREDENTIALS = new ExecutionAttribute<>("AwsCredentials");
 
     /**
-     * The AWS {@link Region} the client was configured with. This is not always same as {@link #SIGNING_REGION} for
-     * global services like IAM.
-     */
-    public static final ExecutionAttribute<Region> AWS_REGION = new ExecutionAttribute<>("AwsRegion");
-
-    /**
-     * The AWS {@link Region} that is used for signing a request. This is not always same as {@link #AWS_REGION} for
-     * global services like IAM.
+     * The AWS {@link Region} that is used for signing a request. This is not always same as the region configured on the client
+     * for global services like IAM.
      */
     public static final ExecutionAttribute<Region> SIGNING_REGION = new ExecutionAttribute<>("SigningRegion");
 
@@ -65,6 +59,6 @@ public final class AwsExecutionAttribute extends SdkExecutionAttribute {
      */
     public static final ExecutionAttribute<Instant> PRESIGNER_EXPIRATION = new ExecutionAttribute<>("PresignerExpiration");
 
-    private AwsExecutionAttribute() {
+    private AwsSignerExecutionAttribute() {
     }
 }

auth/src/main/java/software/amazon/awssdk/auth/signer/QueryStringSigner.java

@@ -20,11 +20,10 @@
 import java.util.Date;
 import java.util.TimeZone;
 import software.amazon.awssdk.annotations.SdkProtectedApi;
-import software.amazon.awssdk.auth.AwsExecutionAttribute;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+import software.amazon.awssdk.auth.credentials.CredentialUtils;
 import software.amazon.awssdk.auth.signer.internal.AbstractAwsSigner;
-import software.amazon.awssdk.auth.util.CredentialUtils;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
@@ -66,8 +65,8 @@ public static QueryStringSigner create() {
      */
     @Override
     public SdkHttpFullRequest sign(SdkHttpFullRequest request, ExecutionAttributes executionAttributes) {
-        final AwsCredentials awsCredentials = executionAttributes.getAttribute(AwsExecutionAttribute.AWS_CREDENTIALS);
-        final Integer offset = executionAttributes.getAttribute(AwsExecutionAttribute.TIME_OFFSET);
+        final AwsCredentials awsCredentials = executionAttributes.getAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS);
+        final Integer offset = executionAttributes.getAttribute(AwsSignerExecutionAttribute.TIME_OFFSET);
 
         // anonymous credentials, don't sign
         if (CredentialUtils.isAnonymous(awsCredentials)) {

auth/src/main/java/software/amazon/awssdk/auth/signer/SigningAlgorithm.java

@@ -17,10 +17,10 @@
 
 import java.security.NoSuchAlgorithmException;
 import javax.crypto.Mac;
-import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.exception.SdkClientException;
 
-@SdkInternalApi
+@SdkProtectedApi
 public enum SigningAlgorithm {
 
     HmacSHA256;

auth/src/test/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsRetryPolicyTest.java

@@ -21,6 +21,7 @@
 import java.io.IOException;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import software.amazon.awssdk.auth.credentials.internal.ContainerCredentialsRetryPolicy;
 import software.amazon.awssdk.regions.internal.util.ResourcesEndpointRetryParameters;
 
 public class ContainerCredentialsRetryPolicyTest {

auth/src/test/java/software/amazon/awssdk/auth/credentials/HttpCredentialsProviderTest.java renamed to auth/src/test/java/software/amazon/awssdk/auth/credentials/internal/HttpCredentialsProviderTest.java

@@ -13,7 +13,7 @@
  * permissions and limitations under the License.
  */
 
-package software.amazon.awssdk.auth.credentials;
+package software.amazon.awssdk.auth.credentials.internal;
 
 import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
 import static com.github.tomakehurst.wiremock.client.WireMock.get;
@@ -33,6 +33,7 @@
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Test;
+import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.util.DateUtils;
 import software.amazon.awssdk.regions.internal.util.ResourcesEndpointProvider;

auth/src/test/java/software/amazon/awssdk/auth/signer/QueryStringSignerTest.java

@@ -26,7 +26,6 @@
 import java.util.TimeZone;
 import org.junit.BeforeClass;
 import org.junit.Test;
-import software.amazon.awssdk.auth.AwsExecutionAttribute;
 import software.amazon.awssdk.auth.credentials.AnonymousCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
@@ -94,6 +93,6 @@ private void assertSignature(String expected,
     }
 
     private ExecutionAttributes constructAttributes(AwsCredentials awsCredentials) {
-        return new ExecutionAttributes().putAttribute(AwsExecutionAttribute.AWS_CREDENTIALS, awsCredentials);
+        return new ExecutionAttributes().putAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS, awsCredentials);
     }
 }

aws-core/src/main/java/software/amazon/awssdk/awscore/AwsExecutionAttribute.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2010-2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.awscore;
+
+import software.amazon.awssdk.annotations.SdkProtectedApi;
+import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
+import software.amazon.awssdk.core.interceptor.ExecutionAttribute;
+import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
+import software.amazon.awssdk.core.interceptor.SdkExecutionAttribute;
+import software.amazon.awssdk.regions.Region;
+
+/**
+ * AWS-specific attributes attached to the execution. This information is available to {@link ExecutionInterceptor}s.
+ */
+@SdkProtectedApi
+public final class AwsExecutionAttribute extends SdkExecutionAttribute {
+    /**
+     * The AWS {@link Region} the client was configured with. This is not always same as the
+     * {@link AwsSignerExecutionAttribute#SIGNING_REGION} for global services like IAM.
+     */
+    public static final ExecutionAttribute<Region> AWS_REGION = new ExecutionAttribute<>("AwsRegion");
+
+    private AwsExecutionAttribute() {}
+}

aws-core/src/main/java/software/amazon/awssdk/awscore/interceptor/GlobalServiceExecutionInterceptor.java

@@ -17,7 +17,7 @@
 
 import java.net.UnknownHostException;
 import software.amazon.awssdk.annotations.SdkProtectedApi;
-import software.amazon.awssdk.auth.AwsExecutionAttribute;
+import software.amazon.awssdk.awscore.AwsExecutionAttribute;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.interceptor.Context;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;

aws-core/src/main/java/software/amazon/awssdk/awscore/internal/client/handler/AwsClientHandlerUtils.java

@@ -16,9 +16,10 @@
 package software.amazon.awssdk.awscore.internal.client.handler;
 
 import software.amazon.awssdk.annotations.SdkInternalApi;
-import software.amazon.awssdk.auth.AwsExecutionAttribute;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
+import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
+import software.amazon.awssdk.awscore.AwsExecutionAttribute;
 import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
 import software.amazon.awssdk.awscore.client.config.AwsAdvancedClientOption;
 import software.amazon.awssdk.awscore.client.config.AwsClientOption;
@@ -54,16 +55,16 @@ public static ExecutionContext createExecutionContext(SdkRequest originalRequest
         Validate.validState(credentials != null, "Credential providers must never return null.");
 
         ExecutionAttributes executionAttributes = new ExecutionAttributes()
-            .putAttribute(AwsExecutionAttribute.SERVICE_CONFIG, clientConfig.option(SdkClientOption.SERVICE_CONFIGURATION))
-            .putAttribute(AwsExecutionAttribute.AWS_CREDENTIALS, credentials)
-            .putAttribute(AwsExecutionAttribute.REQUEST_CONFIG, originalRequest.overrideConfiguration()
-                                                                               .map(c -> (RequestOverrideConfiguration) c)
-                                                                               .orElse(AwsRequestOverrideConfiguration.builder()
-                                                                                                                       .build()))
-            .putAttribute(AwsExecutionAttribute.SERVICE_SIGNING_NAME,
+            .putAttribute(AwsSignerExecutionAttribute.SERVICE_CONFIG, clientConfig.option(SdkClientOption.SERVICE_CONFIGURATION))
+            .putAttribute(AwsSignerExecutionAttribute.AWS_CREDENTIALS, credentials)
+            .putAttribute(AwsSignerExecutionAttribute.REQUEST_CONFIG,
+                          originalRequest.overrideConfiguration()
+                                         .map(c -> (RequestOverrideConfiguration) c)
+                                         .orElse(AwsRequestOverrideConfiguration.builder().build()))
+            .putAttribute(AwsSignerExecutionAttribute.SERVICE_SIGNING_NAME,
                           clientConfig.option(AwsClientOption.SERVICE_SIGNING_NAME))
             .putAttribute(AwsExecutionAttribute.AWS_REGION, clientConfig.option(AwsClientOption.AWS_REGION))
-            .putAttribute(AwsExecutionAttribute.SIGNING_REGION, clientConfig.option(AwsClientOption.SIGNING_REGION));
+            .putAttribute(AwsSignerExecutionAttribute.SIGNING_REGION, clientConfig.option(AwsClientOption.SIGNING_REGION));
 
         ExecutionInterceptorChain executionInterceptorChain =
                 new ExecutionInterceptorChain(clientConfig.option(SdkClientOption.EXECUTION_INTERCEPTORS));