Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use iamResource name for condition keys #981

Merged
merged 1 commit into from
Nov 15, 2021
Merged

Use iamResource name for condition keys #981

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions docs/source/1.0/spec/aws/aws-core.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1413,7 +1413,6 @@ A client MUST provide a mechanism for customers to identify whether checksum
validation was performed on a response and which checksum algorithm was
validated.

.. _chunked trailer part: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html

Service behavior
================
Expand Down Expand Up @@ -1525,7 +1524,7 @@ HTTP header. Thus, the resolved location is always ``Header``.

.. _Header-based auth: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html
.. _Streaming-signing auth: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html
.. _chunked trailer part: https://tools.ietf.org/html/rfc7230#section-4.1.2
.. _chunked trailer part: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be a separate commit (I'm fine without a separate PR)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably should have been, but not worth a ton of effort to correct either.



.. _aws.protocols#httpChecksum-trait_with-checksum-required:
Expand Down
96 changes: 26 additions & 70 deletions docs/source/1.0/spec/aws/aws-iam.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -602,80 +602,36 @@ trait.

Given the following model,

.. tabs::

.. code-tab:: smithy

namespace smithy.example

use aws.api#service
use aws.iam#defineConditionKeys
use aws.iam#conditionKeys
.. code-block:: smithy

@service(sdkId: "My Value", arnNamespace: "myservice")
@defineConditionKeys("otherservice:Bar": { type: "String" })
service MyService {
version: "2017-02-11",
resources: [MyResource],
}
namespace smithy.example

@conditionKeys(["otherservice:Bar"])
resource MyResource {
identifiers: {foo: String},
operations: [MyOperation],
resources: [MyInnerResource],
}
use aws.api#service
use aws.iam#defineConditionKeys
use aws.iam#conditionKeys
use aws.iam#iamResource

resource MyInnerResource {
identifiers: {yum: String}
}
@service(sdkId: "My Value", arnNamespace: "myservice")
@defineConditionKeys("otherservice:Bar": { type: "String" })
service MyService {
version: "2017-02-11",
resources: [MyResource],
}

@conditionKeys(["aws:region"])
operation MyOperation {}
@conditionKeys(["otherservice:Bar"])
resource MyResource {
identifiers: {foo: String},
operations: [MyOperation],
resources: [MyInnerResource],
}

.. code-tab:: json
@iamResource(name: "InnerResource")
resource MyInnerResource {
identifiers: {yum: String}
}

{
"smithy": "1.0",
"shapes": {
"smithy.example#MyService": {
"type": "service",
"version": "2017-02-11",
"resources": [
{
"target": "smithy.example#MyResource"
}
],
"traits": {
"aws.api#service": {
"sdkId": "My Value",
"arnNamespace": "myservice"
},
"aws.iam#defineConditionKeys": {
"otherservice:Bar": {
"type": "String"
}
}
}
},
"smithy.example#MyResource": {
"type": "resource",
"identifiers": {
"yum": {
"target": "smithy.api#String"
}
}
},
"smithy.example#MyOperation": {
"type": "operation",
"traits": {
"aws.iam#conditionKeys": [
"aws:region"
]
}
}
}
}
@conditionKeys(["aws:region"])
operation MyOperation {}

The computed condition keys for the service are:

Expand All @@ -689,11 +645,11 @@ The computed condition keys for the service are:
-
* ``myservice:MyResourceFoo``
* ``otherservice:Bar``
* - ``MyInnerResource``
* - ``InnerResource``
-
* ``myservice:MyResourceFoo``
* ``otherservice:Bar``
* ``myservice:MyInnerResourceYum``
* ``myservice:InnerResourceYum``
* - ``MyOperation``
-
* ``aws:region``
Expand Down
14 changes: 10 additions & 4 deletions ...ws-iam-traits/src/main/java/software/amazon/smithy/aws/iam/traits/ConditionKeysIndex.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -225,7 +225,7 @@ private Map<String, String> inferChildResourceIdentifiers(
// Inline provided documentation or compute a simple string.
builder.documentation(shape.getTrait(DocumentationTrait.class)
.map(DocumentationTrait::getValue)
.orElse(computeIdentifierDocs(resource.getId(), childId)));
.orElse(computeIdentifierDocs(resource, childId)));
// The identifier name is comprised of "[arn service]:[Resource name][uppercase identifier name]
String computeIdentifierName = computeIdentifierName(arnRoot, resource, childId);
// Add the computed identifier binding and resolved context key to the result map.
Expand All @@ -238,11 +238,17 @@ private Map<String, String> inferChildResourceIdentifiers(
return result;
}

private static String computeIdentifierDocs(ShapeId id, String identifierName) {
return id.getName() + " resource " + identifierName + " identifier";
private static String computeIdentifierDocs(ResourceShape resource, String identifierName) {
return getContextKeyResourceName(resource) + " resource " + identifierName + " identifier";
}

private static String computeIdentifierName(String arnRoot, ResourceShape resource, String identifierName) {
return arnRoot + ":" + resource.getId().getName() + StringUtils.capitalize(identifierName);
return arnRoot + ":" + getContextKeyResourceName(resource) + StringUtils.capitalize(identifierName);
}

private static String getContextKeyResourceName(ResourceShape resource) {
return resource.getTrait(IamResourceTrait.class)
.flatMap(IamResourceTrait::getName)
.orElse(resource.getId().getName());
}
}
6 changes: 3 additions & 3 deletions ...am-traits/src/test/java/software/amazon/smithy/aws/iam/traits/ConditionKeysIndexTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,22 +45,22 @@ public void successfullyLoadsConditionKeys() {

ConditionKeysIndex index = ConditionKeysIndex.of(model);
assertThat(index.getConditionKeyNames(service), containsInAnyOrder(
"aws:accountId", "foo:baz", "myservice:Resource1Id1", "myservice:Resource2Id2"));
"aws:accountId", "foo:baz", "myservice:Resource1Id1", "myservice:ResourceTwoId2"));
assertThat(index.getConditionKeyNames(service, ShapeId.from("smithy.example#Operation1")),
containsInAnyOrder("aws:accountId", "foo:baz"));
assertThat(index.getConditionKeyNames(service, ShapeId.from("smithy.example#Resource1")),
containsInAnyOrder("aws:accountId", "foo:baz", "myservice:Resource1Id1"));
// Note that ID1 is not duplicated but rather reused on the child operation.
assertThat(index.getConditionKeyNames(service, ShapeId.from("smithy.example#Resource2")),
containsInAnyOrder("aws:accountId", "foo:baz",
"myservice:Resource1Id1", "myservice:Resource2Id2"));
"myservice:Resource1Id1", "myservice:ResourceTwoId2"));
// Note that while this operation binds identifiers, it contains no unique ConditionKeys to bind.
assertThat(index.getConditionKeyNames(service, ShapeId.from("smithy.example#GetResource2")), is(empty()));

// Defined context keys are assembled from the names and mapped with the definitions.
assertThat(index.getDefinedConditionKeys(service).get("myservice:Resource1Id1").getDocumentation(),
not(Optional.empty()));
assertEquals(index.getDefinedConditionKeys(service).get("myservice:Resource2Id2").getDocumentation().get(),
assertEquals(index.getDefinedConditionKeys(service).get("myservice:ResourceTwoId2").getDocumentation().get(),
"This is Foo");
assertThat(index.getDefinedConditionKeys(service, ShapeId.from("smithy.example#GetResource2")).keySet(),
is(empty()));
Expand Down
1 change: 1 addition & 0 deletions ...src/test/resources/software/amazon/smithy/aws/iam/traits/successful-condition-keys.smithy
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ resource Resource1 {
resources: [Resource2]
}

@aws.iam#iamResource(name: "ResourceTwo")
resource Resource2 {
identifiers: {
id1: ArnString,
Expand Down