Split core module to core, aws-auth and aws-core

[zoewangg]

Description

Splitting core module to auth, core, aws-core and profiles modules.

• regions: regions classes
• profiles: contains profile classes.
• auth: contains credentials, aws signer classes
• aws-core: core runtime classes used by aws java clients.
• core: core runtime classes.

Dependencies:
profiles -> core
regions -> profiles
auth -> regions
aws-core -> auth
services -> aws-core
Apigatway generated clients -> core
Apigatway generated clients using IAM role -> core, auth

Motivation and Context

Related to #27
Note: This is the first task to move out AWS related classes.
The rest of the tasks left are:

• ResponseHandler and Json error response handler classes are still dealing with aws headers and need to be moved to aws-core.
• CRC32_FROM_COMPRESSED_DATA_ENABLED needs to be moved to aws-core module once we replace the legacyHttpResponse with SdkHttpFullResponse

Testing

mvn clean install and all integration tests were passed

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Checklist

• I have read the CONTRIBUTING document
• Local run of mvn install succeeds
• My code follows the code style of this project
• My change requires a change to the Javadoc documentation
• I have updated the Javadoc documentation accordingly
• I have read the README document
• I have added tests to cover my changes
• All new and existing tests passed
• A short description of the change has been added to the CHANGELOG

License

• I confirm that this pull request can be released under the Apache 2 license

[kiiadi]

Out of interest why aws-auth / aws-core rather than just auth and core ? we're already bounded by the AWS groupId and it means we have repetition in the package name as well: software.amazon.awssdk.awsauth.credentials for exampl has "aws" in it twice.

[zoewangg]

This motivation of splitting core module is to break out AWS related concepts(AWS credentials, AWS signers, etc) to a separate module so that the clients generated from API gateway API just needs to depend on core module rather than pulling the whole AWS-specific logic.

As to the naming, using aws-auth makes is clear that it contains AWS related authentication classes and applies to all AWS services. The clients generated from API gateway don't need to depend on it unless they use IAM roles for authentication.

I thought about updating core to sdk-core to differentiate from aws-core, but don't have strong opinions and open to discussion.

[kiiadi]

I suppose that makes the thought process a little clearer - but from a customer perspective do you think they're going to notice the subtly between software.amazon.awssdk:auth and software.amazon.awssdk:aws-auth? As I say, we're already in the awssdk groupId.

[shorea]

Still working my way through this. I'll revisit after lunch.

[shorea]

This seems to be more of an awscore thing rather than auth specific.

[zoewangg]

This is used by Aws4Signer for now to get the credentials from ExecutionAttributes. I guess this will be moved around once we start working on signer refactor.

[shorea]

Shirley the awsauth module should depend on awscore?

[shorea]

Belongs in awscore

[zoewangg]

This is used by some credential providers, eg:SystemSettingsCredentialsProvider is using it to locate the credentials.

[shorea]

Nitpicky but this seemed more correct before. Comment is mostly useless though anyways.

[zoewangg]

yup, removed

[shorea]

For ConnectionUtils we should consider refactoring to use the SDK HTTP client instead of URL connection. Also we should consider putting the ec2 metadata "client" into it's own module.

[zoewangg]

added ReviewBeforeRelease on it

[shorea]

The profile stuff may be better place in it's own module. It isn't just credentials and region and we may expand on it in the future to include other profile configuration.

[shorea]

Auth and region are related but not necesarrily coupled. Should region related stuff be in a separate module?

[zoewangg]

Yes, we can further split aws-auth module to region, profile, credentials, signer, I'll try and see how it looks like, not sure if they have circular dependency right now.

[zoewangg]

profile classes are moved to profiles module via commit 70825f4.

As to regions and credential classes, they are tightly coupled now because they share common functionalities to to retrieve regions/creds from local EC2 instances in HttpCredentialUtils, endpointRetry and other classes, unless we break out those class to a separate module, it's difficult to separate them. If we are going with that route, we might end up having plenty "micro" modules and it could increase our maintenance burden and unlike profiles, regions and creds seem to be always used together.

[shorea]

Why inline this but not in query string signer? Should this be moved up to abstract?

[zoewangg]

good catch, fixed

[shorea]

There may be other places where we'd want to mock the clock. This can be moved up to the generic core.

[zoewangg]

fixed

[shorea]

Can you sync up with @varunnvs92 about the signer refactoring? I'd imagine there will be another module like signer-spi that has just the interfaces for signing and awsauth contains the AWS specific implementations like SigVn

[shorea]

EndpointUtils feels more like awscore than auth.

[zoewangg]

fixed

[shorea]

How was this compiling before? Was the constructor protected? If so should we make it private?

[zoewangg]

the constructor is protected and this class was in the same package with AwsCredentials. can't make is private since it has child classes.

[shorea]

Is this comment now addressed?

[shorea]

Hmm I don't like this. Is there anything we can do about it? Maybe a ReviewBeforeRelease annotation as I believe we want to flatten this out anyways which could make this cleaner.

[zoewangg]

Good catch. public was added in the middle of the work before I moved the duplicate codes to parent class and I forgot to remove it. Fixed

[shorea]

Can you add a ReviewBeforeRelease annotation to come up with a better name for this and the async variant?

[shorea]

This seems like a behavior change. Is this okay?

[zoewangg]

I removed the credential check because core is no long aware of AwsCredentials. Will add a note here to add back this logic when we start working on signer refactor

[shorea]

This comment doesn't seem to apply anymore since RequestOverrideConfig is a public class.

[shorea]

This may be out of scope of this review but I think the other couplings we have to AWS in core is the retry related stuff. How we detect throttling and clock skew is a bit AWS specific (moreso throttling).

I think there is also some coupling in the marshalling/unmarshalling paths. Particularly around the response handlers and error response handlers.

[zoewangg]

Yes, this PR is just the first step and there are still some remaining AWS functionality such as parsing aws headers in response handler, stax response marshaller, retry related stuff as you mentioned. To keep PR smaller(it's already huge as it is..), I will create separate PR for each of the remaining task.