-
Notifications
You must be signed in to change notification settings - Fork 840
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Split core module to core, aws-auth and aws-core #475
Conversation
0f4bd61
to
5747b25
Compare
Out of interest why |
This motivation of splitting core module is to break out AWS related concepts(AWS credentials, AWS signers, etc) to a separate module so that the clients generated from API gateway API just needs to depend on core module rather than pulling the whole AWS-specific logic. As to the naming, using I thought about updating |
I suppose that makes the thought process a little clearer - but from a customer perspective do you think they're going to notice the subtly between |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still working my way through this. I'll revisit after lunch.
@@ -32,39 +34,14 @@ | |||
+ "4. The remaining public AWS stuff should be moved to the AWS module. " | |||
+ "We should also consider making some of the SDK/AWS-owned set of attributes part of the immutable context " | |||
+ "if we don't want the interceptors to modify them.") | |||
public final class AwsExecutionAttributes { | |||
public interface AwsExecutionAttributes extends SdkExecutionAttributes { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems to be more of an awscore thing rather than auth specific.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is used by Aws4Signer for now to get the credentials from ExecutionAttributes. I guess this will be moved around once we start working on signer refactor.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shirley the awsauth module should depend on awscore?
@@ -43,9 +35,8 @@ | |||
public enum AwsSystemSetting implements SystemSetting { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Belongs in awscore
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is used by some credential providers, eg:SystemSettingsCredentialsProvider
is using it to locate the credentials.
@@ -132,7 +132,7 @@ public void close() { | |||
private String asyncThreadName; | |||
|
|||
/** | |||
* Created using {@link #builder()}. | |||
* Created using {@link #build()}. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpicky but this seemed more correct before. Comment is mostly useless though anyways.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yup, removed
@@ -13,7 +13,7 @@ | |||
* permissions and limitations under the License. | |||
*/ | |||
|
|||
package software.amazon.awssdk.core.internal.net; | |||
package software.amazon.awssdk.awsauth.credentials.internal; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For ConnectionUtils we should consider refactoring to use the SDK HTTP client instead of URL connection. Also we should consider putting the ec2 metadata "client" into it's own module.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added ReviewBeforeRelease
on it
@@ -13,7 +13,7 @@ | |||
* permissions and limitations under the License. | |||
*/ | |||
|
|||
package software.amazon.awssdk.auth.profile; | |||
package software.amazon.awssdk.awsauth.credentials.profile; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The profile stuff may be better place in it's own module. It isn't just credentials and region and we may expand on it in the future to include other profile configuration.
@@ -13,7 +13,7 @@ | |||
* permissions and limitations under the License. | |||
*/ | |||
|
|||
package software.amazon.awssdk.core.regions; | |||
package software.amazon.awssdk.awsauth.regions; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Auth and region are related but not necesarrily coupled. Should region related stuff be in a separate module?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we can further split aws-auth module to region
, profile
, credentials
, signer
, I'll try and see how it looks like, not sure if they have circular dependency right now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
profile classes are moved to profiles module via commit 70825f4.
As to regions and credential classes, they are tightly coupled now because they share common functionalities to to retrieve regions/creds from local EC2 instances in HttpCredentialUtils
, endpointRetry
and other classes, unless we break out those class to a separate module, it's difficult to separate them. If we are going with that route, we might end up having plenty "micro" modules and it could increase our maintenance burden and unlike profiles, regions and creds seem to be always used together.
} | ||
return expirationInSeconds; | ||
} | ||
|
||
private boolean isAnonymous(AwsCredentials credentials) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why inline this but not in query string signer? Should this be moved up to abstract?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good catch, fixed
@@ -13,7 +13,7 @@ | |||
* permissions and limitations under the License. | |||
*/ | |||
|
|||
package software.amazon.awssdk.core.auth; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There may be other places where we'd want to mock the clock. This can be moved up to the generic core.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
@@ -13,7 +13,7 @@ | |||
* permissions and limitations under the License. | |||
*/ | |||
|
|||
package software.amazon.awssdk.core.auth.internal; | |||
package software.amazon.awssdk.awsauth.signer; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you sync up with @varunnvs92 about the signer refactoring? I'd imagine there will be another module like signer-spi that has just the interfaces for signing and awsauth contains the AWS specific implementations like SigVn
|
||
import java.net.URI; | ||
import software.amazon.awssdk.annotations.SdkInternalApi; | ||
import software.amazon.awssdk.core.regions.Region; | ||
import software.amazon.awssdk.core.runtime.endpoint.DefaultServiceEndpointBuilder; | ||
import software.amazon.awssdk.awsauth.regions.Region; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EndpointUtils feels more like awscore than auth.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
@@ -51,7 +53,7 @@ public void testSigning() throws Exception { | |||
"Signature=e73e20539446307a5dc71252dbd5b97e861f1d1267456abda3ebd8d57e519951"; | |||
|
|||
|
|||
AwsCredentials credentials = new AwsCredentials("access", "secret"); | |||
AwsCredentials credentials = AwsCredentials.create("access", "secret"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How was this compiling before? Was the constructor protected? If so should we make it private?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the constructor is protected and this class was in the same package with AwsCredentials
. can't make is private since it has child classes.
final class SdkAsyncClientHandlerImpl extends BaseAsyncClientHandler implements AsyncClientHandler { | ||
|
||
@ReviewBeforeRelease("Should this be migrated to use a params object, particularly because it crosses module boundaries?" + | ||
"We might also need to think about how it will work after AWS/SDK are split.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this comment now addressed?
@@ -68,7 +68,7 @@ private ClientAsyncHttpConfiguration(DefaultHttpConfigurationBuilder builder) { | |||
* to ease resolution of the client. Returns an empty {@link Optional} if neither is set. | |||
*/ | |||
@SdkInternalApi | |||
Optional<Either<SdkAsyncHttpClient, SdkAsyncHttpClientFactory>> toEither() { | |||
public Optional<Either<SdkAsyncHttpClient, SdkAsyncHttpClientFactory>> toEither() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm I don't like this. Is there anything we can do about it? Maybe a ReviewBeforeRelease annotation as I believe we want to flatten this out anyways which could make this cleaner.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch. public
was added in the middle of the work before I moved the duplicate codes to parent class and I forgot to remove it. Fixed
@@ -55,15 +55,15 @@ | |||
|
|||
@ThreadSafe | |||
@SdkInternalApi | |||
public class AmazonHttpClient implements SdkAutoCloseable { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a ReviewBeforeRelease annotation to come up with a better name for this and the async variant?
private boolean shouldSign(Signer signer, AwsCredentials credentials) { | ||
return signer != null && (credentials != null || signer instanceof CanHandleNullCredentials); | ||
private boolean shouldSign(Signer signer) { | ||
return signer != null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems like a behavior change. Is this okay?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I removed the credential check because core is no long aware of AwsCredentials. Will add a note here to add back this logic when we start working on signer refactor
* The key under which the request config is stored. | ||
*/ | ||
@ReviewBeforeRelease("RequestConfig feels pretty internal. Can we just expose parts of it?") | ||
ExecutionAttribute<RequestOverrideConfig> REQUEST_CONFIG = new ExecutionAttribute<>("RequestConfig"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This comment doesn't seem to apply anymore since RequestOverrideConfig is a public class.
This may be out of scope of this review but I think the other couplings we have to AWS in core is the retry related stuff. How we detect throttling and clock skew is a bit AWS specific (moreso throttling). I think there is also some coupling in the marshalling/unmarshalling paths. Particularly around the response handlers and error response handlers. |
Yes, this PR is just the first step and there are still some remaining AWS functionality such as parsing aws headers in response handler, stax response marshaller, retry related stuff as you mentioned. To keep PR smaller(it's already huge as it is..), I will create separate PR for each of the remaining task. |
e4401a5
to
7231034
Compare
7231034
to
77ded43
Compare
…2cb15bf8 Pull request: release <- staging/416f5504-caf9-45ad-a842-345f2cb15bf8
Description
Splitting core module to auth, core, aws-core and profiles modules.
Dependencies:
profiles -> core
regions -> profiles
auth -> regions
aws-core -> auth
services -> aws-core
Apigatway generated clients -> core
Apigatway generated clients using IAM role -> core, auth
Motivation and Context
Related to #27
Note: This is the first task to move out AWS related classes.
The rest of the tasks left are:
CRC32_FROM_COMPRESSED_DATA_ENABLED
needs to be moved to aws-core module once we replace the legacyHttpResponse
withSdkHttpFullResponse
Testing
mvn clean install
and all integration tests were passedTypes of changes
Checklist
mvn install
succeedsLicense