From ddc48f8f7aa2616673e6f1500727adbfd382f9b3 Mon Sep 17 00:00:00 2001
From: Aaron J Todd
Date: Fri, 18 Mar 2022 15:52:55 -0400
Subject: [PATCH] fix: backfill optional auth trait for cognito and cognito-idp
---
 .../customization/BackfillOptionalAuth.kt | 68 +++++++++++++++++++
 .../sts/StsDisableAuthForOperations.kt | 43 ------------
 ...tlin.codegen.integration.KotlinIntegration | 2 +-
 3 files changed, 69 insertions(+), 44 deletions(-)
 create mode 100644 codegen/smithy-aws-kotlin-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/BackfillOptionalAuth.kt
 delete mode 100644 codegen/smithy-aws-kotlin-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/sts/StsDisableAuthForOperations.kt
diff --git a/codegen/smithy-aws-kotlin-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/BackfillOptionalAuth.kt b/codegen/smithy-aws-kotlin-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/BackfillOptionalAuth.kt
new file mode 100644
index 00000000000..02be761adb9
--- /dev/null
+++ b/codegen/smithy-aws-kotlin-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/BackfillOptionalAuth.kt
@@ -0,0 +1,68 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+package aws.sdk.kotlin.codegen.customization
+
+import software.amazon.smithy.codegen.core.CodegenException
+import software.amazon.smithy.kotlin.codegen.KotlinSettings
+import software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration
+import software.amazon.smithy.model.Model
+import software.amazon.smithy.model.shapes.OperationShape
+import software.amazon.smithy.model.traits.OptionalAuthTrait
+import software.amazon.smithy.model.transform.ModelTransformer
+
+/**
+ * Several services have operations that do not/should not be signed and need
+ * to have the auth trait manually set to `[]`.
+ *
+ * See https://github.com/awslabs/aws-sdk-kotlin/issues/280 and https://github.com/awslabs/aws-sdk-kotlin/issues/553
+ */
+class BackfillOptionalAuth : KotlinIntegration {
+
+ // service shape id -> operations that should have optional auth trait applied
+ private val disabledAuthOperationsByService = mapOf(
+ "com.amazonaws.sts#AWSSecurityTokenServiceV20110615" to setOf(
+ "com.amazonaws.sts#AssumeRoleWithSAML",
+ "com.amazonaws.sts#AssumeRoleWithWebIdentity"
+ ),
+ "com.amazonaws.cognitoidentity#AWSCognitoIdentityService" to setOf(
+ "com.amazonaws.cognitoidentity#GetId",
+ "com.amazonaws.cognitoidentity#GetOpenIdToken",
+ "com.amazonaws.cognitoidentity#UnlinkIdentity",
+ "com.amazonaws.cognitoidentity#GetCredentialsForIdentity"
+ ),
+ // https://docs.aws.amazon.com/cognito/latest/developerguide/security_iam_service-with-iam.html
+ "com.amazonaws.cognitoidentityprovider#AWSCognitoIdentityProviderService" to setOf(
+ "com.amazonaws.cognitoidentityprovider#ConfirmDevice",
+ "com.amazonaws.cognitoidentityprovider#ForgetDevice",
+ "com.amazonaws.cognitoidentityprovider#GetDevice",
+ "com.amazonaws.cognitoidentityprovider#GlobalSignOut",
+ "com.amazonaws.cognitoidentityprovider#ListDevices",
+ "com.amazonaws.cognitoidentityprovider#RevokeToken",
+ "com.amazonaws.cognitoidentityprovider#UpdateDeviceStatus"
+ )
+ )
+
+ // this should happen prior to most other integrations that could rely on the presence of this trait
+ override val order: Byte = -60
+
+ override fun enabledForService(model: Model, settings: KotlinSettings): Boolean {
+ val serviceId = settings.service.toString()
+ return serviceId in disabledAuthOperationsByService
+ }
+
+ override fun preprocessModel(model: Model, settings: KotlinSettings): Model {
+ val serviceId = settings.service.toString()
+ val optionalAuthOperations = disabledAuthOperationsByService[serviceId] ?: throw CodegenException("expected $serviceId in disabled operations map")
+ return ModelTransformer.create()
+ .mapShapes(model) {
+ if (optionalAuthOperations.contains(it.id.toString()) && it is OperationShape) {
+ it.toBuilder().addTrait(OptionalAuthTrait()).build()
+ } else {
+ it
+ }
+ }
+ }
+}
diff --git a/codegen/smithy-aws-kotlin-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/sts/StsDisableAuthForOperations.kt b/codegen/smithy-aws-kotlin-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/sts/StsDisableAuthForOperations.kt
deleted file mode 100644
index 5ee80f87903..00000000000
--- a/codegen/smithy-aws-kotlin-codegen/src/main/kotlin/aws/sdk/kotlin/codegen/customization/sts/StsDisableAuthForOperations.kt
+++ /dev/null
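Review bot: In `BackfillOptionalAuth.preprocessModel`, an id listed in `disabledAuthOperationsByService` that matches no operation shape in the model is skipped silently, so a typo or an upstream rename would leave that operation with the model's declared auth and give no build-time signal. Since this map is the allowlist of operations whose requests may go out unsigned, each id should be resolved before the transform, for example `optionalAuthOperations.forEach { model.expectShape(ShapeId.from(it), OperationShape::class.java) }` (this needs the `ShapeId` import, which the new file does not have). The class KDoc also still says the auth trait is manually set to `[]`, while the code adds `OptionalAuthTrait()`; for the two STS operations this replaces the `AuthTrait(emptySet())` applied by the removed integration, so the comment should instead read `operations that can be called without a signature and need the optionalAuth trait applied`. How the generated client handles optional auth when credentials are available is not visible in this patch and would be worth stating in the commit description.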
@@ -1,43 +0,0 @@
-/*
- * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
- * SPDX-License-Identifier: Apache-2.0.
- */
-
-package aws.sdk.kotlin.codegen.customization.sts
-
-import aws.sdk.kotlin.codegen.sdkId
-import software.amazon.smithy.kotlin.codegen.KotlinSettings
-import software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration
-import software.amazon.smithy.kotlin.codegen.model.expectShape
-import software.amazon.smithy.model.Model
-import software.amazon.smithy.model.shapes.OperationShape
-import software.amazon.smithy.model.shapes.ServiceShape
-import software.amazon.smithy.model.shapes.ShapeId
-import software.amazon.smithy.model.traits.AuthTrait
-import software.amazon.smithy.model.transform.ModelTransformer
-
-/**
- * STS needs to have the auth trait manually set to []
- *
- * See https://github.com/awslabs/aws-sdk-kotlin/issues/280
- */
-class StsDisableAuthForOperations : KotlinIntegration {
-
- private val optionalAuthOperations = setOf(
- ShapeId.from("com.amazonaws.sts#AssumeRoleWithSAML"),
- ShapeId.from("com.amazonaws.sts#AssumeRoleWithWebIdentity")
- )
-
- override fun enabledForService(model: Model, settings: KotlinSettings): Boolean =
- model.expectShape(settings.service).sdkId == "STS"
-
- override fun preprocessModel(model: Model, settings: KotlinSettings): Model =
- ModelTransformer.create()
- .mapShapes(model) {
- if (optionalAuthOperations.contains(it.id) && it is OperationShape) {
- it.toBuilder().addTrait(AuthTrait(emptySet())).build()
- } else {
- it
- }
- }
-}
diff --git a/codegen/smithy-aws-kotlin-codegen/src/main/resources/META-INF/services/software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration b/codegen/smithy-aws-kotlin-codegen/src/main/resources/META-INF/services/software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration
index 8bdb0ee2207..e0c6518b17a 100644
--- a/codegen/smithy-aws-kotlin-codegen/src/main/resources/META-INF/services/software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration
+++ b/codegen/smithy-aws-kotlin-codegen/src/main/resources/META-INF/services/software.amazon.smithy.kotlin.codegen.integration.KotlinIntegration
@@ -15,5 +15,5 @@ aws.sdk.kotlin.codegen.customization.polly.PollyPresigner
 aws.sdk.kotlin.codegen.customization.BoxServices
 aws.sdk.kotlin.codegen.customization.glacier.GlacierBodyChecksum
 aws.sdk.kotlin.codegen.customization.machinelearning.MachineLearningEndpointCustomization
-aws.sdk.kotlin.codegen.customization.sts.StsDisableAuthForOperations
+aws.sdk.kotlin.codegen.customization.BackfillOptionalAuth
 aws.sdk.kotlin.codegen.customization.RemoveEventStreamOperations