|
| 1 | +# Decision Log for Smithy Reference Architecture Identity and Auth support |
| 2 | + |
| 3 | +## Log Entry Template |
| 4 | + |
| 5 | +**Source:** (Meeting/aside/pair programming discussion/daily standup) to (discuss/implement) X |
| 6 | + |
| 7 | +**Attendees:** (names) |
| 8 | + |
| 9 | +**Closed Decisions:** |
| 10 | + |
| 11 | +1. Question? Decision. Justification. |
| 12 | + |
| 13 | +**Open Decisions:** |
| 14 | + |
| 15 | +1. (Old/Reopened/New) Question? |
| 16 | + |
| 17 | +## 3/31/23 |
| 18 | + |
| 19 | +**Source:** Meeting for API surface area review of Identity changes made as part of SRA. |
| 20 | + |
| 21 | +**Attendees:** Anna-Karin, David, Debora, Dongie, Jay, John, Matt, Olivier, Zoe |
| 22 | + |
| 23 | +**Closed Decisions:** |
| 24 | + |
| 25 | +1. **Should the new interface `AwsCredentialsIdentity` provide `create()` methods?** |
| 26 | + 1. Yes, to provide customers a way to easily create instances of this type without needing to depend on |
| 27 | + `AwsBasicCredentials` from the `auth` module. Some duplication of code from `AwsBasicCredentials` is okay. |
| 28 | + 2. The implementation of `create()` can use an anonymous inner class, instead of creating a new class with a name. |
| 29 | +2. **How should `AwsCredentialsProviderChain` support the new Identity type `AwsCredentialsIdentity`?** |
| 30 | + 1. `Builder.addCredentialsProvider()` can be overloaded to accept the new type. |
| 31 | + 2. The varargs methods `of()` and `Builder.credentialsProviders()` can be overloaded to accept the new type. This |
| 32 | + would not be ambiguous when called with zero args, because according to |
| 33 | + https://docs.oracle.com/javase/specs/jls/se8/html/jls-15.html#jls-15.12.2.5 the more specific method is chosen, |
| 34 | + i.e., `AwsCredentialsProviderChain.of()` would invoke `of(AwsCredentialsProvider...)`. |
| 35 | + 3. The `Builder.credentialsProviders()` method accepting a `Collection` cannot be overloaded because both methods |
| 36 | + would have the same erasure. So use a method with a different name - `credentialsIdentityProviders()`. We don't |
| 37 | + want to add `Identity` to the other methods (varargs, `add`, `of`) too, as it might mislead to thinking that's a |
| 38 | + different "property" of the chain. So a separate method name is used only in this one-off. |
| 39 | +3. **How should an `IdentityResolver` define which `IdentityProperty`s it supports?** |
| 40 | + 1. An `IdentityResolver` should define a `public static` for each `IdentityProperty` it supports and document the |
| 41 | + behavior of how it uses it during `resolveIdentity`. This will help the caller determine how to construct an |
| 42 | + appropriate `ResolveIdentityRequest`. |
| 43 | + 2. Should there be stronger abstraction for any property? |
| 44 | + 1. We discussed potential use cases like metrics collector / telemetry. If we have a compelling use case, we can |
| 45 | + add it later. Though it would have to be not AWS specific to be added to these generic interfaces. |
| 46 | + |
| 47 | +**Open Decisions:** |
| 48 | + |
| 49 | +None |
0 commit comments