Adding support for S3 control

Author: spfink

aws-sdk-java/pom.xml

@@ -710,6 +710,11 @@ Amazon AutoScaling, etc).</description>
             <artifactId>s3</artifactId>
             <version>${awsjavasdk.version}</version>
         </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>s3control</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
         <dependency>
             <groupId>software.amazon.awssdk</groupId>
             <artifactId>sagemaker</artifactId>

bom/pom.xml

@@ -820,6 +820,11 @@
                 <artifactId>s3</artifactId>
                 <version>${awsjavasdk.version}</version>
             </dependency>
+            <dependency>
+                <groupId>software.amazon.awssdk</groupId>
+                <artifactId>s3control</artifactId>
+                <version>${awsjavasdk.version}</version>
+            </dependency>
             <dependency>
                 <groupId>software.amazon.awssdk</groupId>
                 <artifactId>sagemaker</artifactId>

codegen/src/main/java/software/amazon/awssdk/codegen/model/service/AuthType.java

@@ -26,7 +26,8 @@ public enum AuthType {
     IAM("iam"),
     V4("v4"),
     V4_UNSIGNED_BODY("v4-unsigned-body"),
-    S3("s3")
+    S3("s3"),
+    S3V4("s3v4")
     ;
 
     private final String value;

codegen/src/main/java/software/amazon/awssdk/codegen/poet/builder/BaseClientBuilderClass.java

@@ -265,6 +265,7 @@ private CodeBlock signerDefinitionMethodBody() {
             case V4:
                 return v4SignerDefinitionMethodBody();
             case S3:
+            case S3V4:
                 return s3SignerDefinitionMethodBody();
             default:
                 throw new UnsupportedOperationException("Unsupported signer type: " + authType);

core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/SigningStage.java

@@ -69,6 +69,7 @@ private SdkHttpFullRequest signRequest(SdkHttpFullRequest request, RequestExecut
                         .signAsyncRequestBody(signedRequest, context.requestProvider(), context.executionAttributes());
                 context.requestProvider(transformedRequestProvider);
             }
+            updateInterceptorContext(signedRequest, context.executionContext());
             return signedRequest;
         }
 

pom.xml

@@ -727,6 +727,10 @@
                                     <title>Resource Groups Tagging API</title>
                                     <packages>software.amazon.awssdk.services.resourcegroupstaggingapi*</packages>
                                 </group>
+                                <group>
+                                    <title>S3 Control</title>
+                                    <packages>software.amazon.awssdk.services.s3control*</packages>
+                                </group>
                                 <group>
                                     <title>S3</title>
                                     <packages>software.amazon.awssdk.services.s3*</packages>

services/pom.xml

@@ -90,6 +90,7 @@
         <module>route53</module>
         <module>route53domains</module>
         <module>s3</module>
+        <module>s3control</module>
         <module>sms</module>
         <module>servicecatalog</module>
         <module>ses</module>

services/s3control/pom.xml

@@ -0,0 +1,77 @@
+<?xml version="1.0"?>
+<!--
+  ~ Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License").
+  ~ You may not use this file except in compliance with the License.
+  ~ A copy of the License is located at
+  ~
+  ~  http://aws.amazon.com/apache2.0
+  ~
+  ~ or in the "license" file accompanying this file. This file is distributed
+  ~ on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+  ~ express or implied. See the License for the specific language governing
+  ~ permissions and limitations under the License.
+  -->
+
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
+         xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>software.amazon.awssdk</groupId>
+        <artifactId>services</artifactId>
+        <version>2.9.14-SNAPSHOT</version>
+    </parent>
+    <artifactId>s3control</artifactId>
+    <name>AWS Java SDK :: Services :: Amazon S3 Control</name>
+    <description>The AWS Java SDK for Amazon S3 Control module holds the client classes that are used for communicating with
+        Amazon Simple Storage Service Control Plane
+    </description>
+    <url>https://aws.amazon.com/sdkforjava</url>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <configuration>
+                    <archive>
+                        <manifestEntries>
+                            <Automatic-Module-Name>software.amazon.awssdk.services.s3control</Automatic-Module-Name>
+                        </manifestEntries>
+                    </archive>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencies>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>aws-xml-protocol</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>protocol-core</artifactId>
+            <version>${awsjavasdk.version}</version>
+        </dependency>
+        <!-- Test Dependencies -->
+        <dependency>
+            <artifactId>commons-io</artifactId>
+            <groupId>commons-io</groupId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.awssdk</groupId>
+            <artifactId>sts</artifactId>
+            <version>${awsjavasdk.version}</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>

services/s3control/src/it/java/software.amazon.awssdk.services.s3control/S3ControlIntegrationTest.java

@@ -0,0 +1,137 @@
+/*
+ * Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+package software.amazon.awssdk.services.s3control;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Fail.fail;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import software.amazon.awssdk.core.interceptor.Context;
+import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
+import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
+import software.amazon.awssdk.http.SdkHttpFullRequest;
+import software.amazon.awssdk.services.s3control.model.DeletePublicAccessBlockRequest;
+import software.amazon.awssdk.services.s3control.model.GetPublicAccessBlockResponse;
+import software.amazon.awssdk.services.s3control.model.NoSuchPublicAccessBlockConfigurationException;
+import software.amazon.awssdk.services.s3control.model.PutPublicAccessBlockResponse;
+import software.amazon.awssdk.services.s3control.model.S3ControlException;
+import software.amazon.awssdk.services.sts.StsClient;
+import software.amazon.awssdk.testutils.service.AwsIntegrationTestBase;
+
+public class S3ControlIntegrationTest extends AwsIntegrationTestBase {
+
+    private String accountId;
+
+    private static final String INVALID_ACCOUNT_ID = "1";
+
+    private S3ControlClient client;
+
+    @Before
+    public void setup() {
+        StsClient sts = StsClient.create();
+        accountId = sts.getCallerIdentity().account();
+        client = S3ControlClient.builder()
+                                .overrideConfiguration(o -> o.addExecutionInterceptor(new AssertPayloadIsSignedExecutionInterceptor()))
+                                .build();
+    }
+
+    @After
+    public void tearDown() {
+        try {
+            client.deletePublicAccessBlock(DeletePublicAccessBlockRequest.builder().accountId(accountId).build());
+        } catch (Exception ignore) {
+
+        }
+    }
+
+    @Test
+    public void putGetAndDeletePublicAccessBlock_ValidAccount() throws InterruptedException {
+        PutPublicAccessBlockResponse result =
+            client.putPublicAccessBlock(r -> r.accountId(accountId)
+                                              .publicAccessBlockConfiguration(r2 -> r2.blockPublicAcls(true)
+                                                                                      .ignorePublicAcls(true)));
+        assertNotNull(result);
+
+        // Wait a bit for the put to take affect
+        Thread.sleep(5000);
+
+        GetPublicAccessBlockResponse config = client.getPublicAccessBlock(r -> r.accountId(accountId));
+        assertTrue(config.publicAccessBlockConfiguration().blockPublicAcls());
+        assertTrue(config.publicAccessBlockConfiguration().ignorePublicAcls());
+
+        assertNotNull(client.deletePublicAccessBlock(r -> r.accountId(accountId)));
+    }
+
+    @Test
+    public void putPublicAccessBlock_NoSuchAccount() {
+        try {
+            assertNotNull(client.putPublicAccessBlock(r -> r.accountId(INVALID_ACCOUNT_ID)
+                                                            .publicAccessBlockConfiguration(r2 -> r2.restrictPublicBuckets(true))));
+            fail("Expected exception");
+        } catch (S3ControlException e) {
+            assertEquals("AccessDenied", e.awsErrorDetails().errorCode());
+            assertNotNull(e.requestId());
+        }
+    }
+
+    @Test
+    public void getPublicAccessBlock_NoSuchAccount() {
+        try {
+            client.getPublicAccessBlock(r -> r.accountId(INVALID_ACCOUNT_ID));
+            fail("Expected exception");
+        } catch (S3ControlException e) {
+            assertEquals("AccessDenied", e.awsErrorDetails().errorCode());
+            assertNotNull(e.requestId());
+        }
+    }
+
+    @Test
+    public void getPublicAccessBlock_NoSuchConfig() {
+        try {
+            client.getPublicAccessBlock(r -> r.accountId(accountId));
+            fail("Expected exception");
+        } catch (NoSuchPublicAccessBlockConfigurationException e) {
+            assertNotNull(e.requestId());
+        }
+    }
+
+    @Test
+    public void deletePublicAccessBlock_NoSuchAccount() {
+        try {
+            client.deletePublicAccessBlock(r -> r.accountId(INVALID_ACCOUNT_ID));
+            fail("Expected exception");
+        } catch (S3ControlException e) {
+            assertEquals("AccessDenied", e.awsErrorDetails().errorCode());
+            assertNotNull(e.requestId());
+        }
+    }
+
+    /**
+     * Request handler to assert that payload signing is enabled.
+     */
+    private static final class AssertPayloadIsSignedExecutionInterceptor implements ExecutionInterceptor {
+        @Override
+        public void afterTransmission(Context.AfterTransmission context, ExecutionAttributes executionAttributes) {
+            SdkHttpFullRequest request = (SdkHttpFullRequest) context.httpRequest();
+            assertThat(context.httpRequest().headers().get("x-amz-content-sha256").get(0)).doesNotContain("UNSIGNED-PAYLOAD");
+        }
+    }
+
+}