Merge current main into the feature/http-1.x branch#4281
Merged
landonxjames merged 92 commits intofeature/http-1.xfrom Aug 27, 2025
Merged
Merge current main into the feature/http-1.x branch#4281landonxjames merged 92 commits intofeature/http-1.xfrom
main into the feature/http-1.x branch#4281landonxjames merged 92 commits intofeature/http-1.xfrom
Conversation
## Motivation and Context The previous tests mistakenly used the default credentials provider chain, which led to test failures during a release. This occurred because the chain hit a credentials provider that made a remote call (e.g., IMDS), causing the captured request to be exhausted, leading to a panic. To address this issue, the PR avoids using the default credentials provider chain. ## Testing ~Currently verifying in the release pipeline~ Verified ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
If CI fails, commit the necessary fixes to this PR until all checks pass. If changes are required to [crateNameToLastKnownWorkingVersions](https://github.com/smithy-lang/smithy-rs/blob/92916b5484cdfef9ff58540ebf5e845eeeccf860/aws/sdk/build.gradle.kts#L504), revert the first commit in the PR, run `./gradlew aws:sdk:cargoUpdateAllLockfiles`, and commit the updated lockfiles. Co-authored-by: Aaron Todd <aajtodd@users.noreply.github.com>
## Motivation and Context <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here --> Improve the CI build Docker image by updating the gradle binary caching logic to properly support both x86_64 and ARM64 (aarch64) architectures. ## Description <!--- Describe your changes in detail --> * Dynamically set JAVA_HOME based on the architecture of the build machine * Modified the smithy-rs repository cloning process to ensure gradle binary caching works consistently Note that this fixes a bug with our existing Dockerfile. We were manually setting `JAVA_HOME` to the `x86_64` variant of the Java binary from `yum`. This worked even on M series Macs because we never invoked Java in the image build and the image currently only runs on `x86_64` machines. But if you shelled into the container on a Mac and tried to run Gradle it would fail because yum actually downloaded the `aarch64` binary. The update to dynamically set `JAVA_HOME` accounts for this so now the container should work equally well on `x86_64` or `aarch64`. ## Testing <!--- Please describe in detail how you tested your changes --> <!--- Include details of your testing environment, and the tests you ran to --> <!--- see how your change affects other areas of the code, etc. --> Was able to build on my M1 mac and shell into the container and do some basic gradle builds. It successfully builds and runs all CI on GH, so should work in any environments we care about. ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
## Motivation and Context
Implements fallback equality for no auth `AuthSchemeId` so that
`AuthSchemeId::from("no_auth")` (legacy) and
`AuthSchemeId::from("noAuth")` (updated) should be treated as
equivalent.
## Description
In #4203, the internal raw strings of pre-defined `AuthSchemeId` were
updated to better align with the Smithy spec
([discussion](#4203 (comment))).
Acknowledging that this was a breaking change and that customers should
not rely on these internal representations, we did receive reports of
issues related to this update. After discussion, we proceeded with
implementing fallback equality for no auth scheme ID to allow for a
safer rollout.
## Testing
- Added unit tests for manually implemented traits for `AuthSchemeId`,
`PartialEq`, `Hash`, and `Ord`
- Added an auth scheme preference test to verify the legacy `no_auth` is
supported
## Checklist
<!--- If a checkbox below is not applicable, then please DELETE it
rather than leaving it unchecked -->
- [x] For changes to the smithy-rs codegen or runtime crates, I have
created a changelog entry Markdown file in the `.changelog` directory,
specifying "client," "server," or both in the `applies_to` key.
- [x] For changes to the AWS SDK, generated SDK code, or SDK runtime
crates, I have created a changelog entry Markdown file in the
`.changelog` directory, specifying "aws-sdk-rust" in the `applies_to`
key.
----
_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
## Description Started as an investigation of #4227. I found that we 1. weren't utilizing most of our test suite (we only used 4 of the test directories from the v4 suite) and 2. that we had a bug in our canonical request implementation where we sort the query keys before encoding instead of after (see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv-create-signed-request.html#create-canonical-request and the `get-vanilla-query-order-encoded` test). This PR does a few things: 1. Imported the CRT test suite and removed the old ones. * The previous test suite we were using is the older format that was in use and floating around before CRT updated it. The newer version of this has standardized the file format and includes both header and query versions of each test. * We were already using this format for the sigv4a tests so now all of our tests for v4 and v4a use the same format. It also has a few additional tests we didn't have. * Using the same format as CRT (and Kotlin) will make it easier to update the test suite or add new tests 3. Updates the test utils to be common across v4 and v4a. 4. Added new test cases we weren't running for both v4 and v4a. Also every test now generally tests both headers and query signature locations (before we were only testing for headers most of the time). 5. Fixed a bug in canonical request implementation where we sort the query keys before encoding instead of after (found by new test and pointed out by engineer on ARC team as well). 6. Migrated a few tests `double-encode-path` and `double-url-encode` that we used in several places to the newer format (only for headers not query which was missing). 7. Inlined the `iam` related test request where it is used 8. Added a new `insert_encoded` for `QueryWriter` to append an already encoded key/value pair and skip encoding. ## Testing * During the migration I kept both the old and new test suites around. Then removed the old suite after verifying the tests that utilized the same files still passed on the new test suite. ## Checklist <!--- If a checkbox below is not applicable, then please DELETE it rather than leaving it unchecked --> - [x] For changes to the AWS SDK, generated SDK code, or SDK runtime crates, I have created a changelog entry Markdown file in the `.changelog` directory, specifying "aws-sdk-rust" in the `applies_to` key. ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
If CI fails, commit the necessary fixes to this PR until all checks pass. If changes are required to [crateNameToLastKnownWorkingVersions](https://github.com/smithy-lang/smithy-rs/blob/92916b5484cdfef9ff58540ebf5e845eeeccf860/aws/sdk/build.gradle.kts#L504), revert the first commit in the PR, run `./gradlew aws:sdk:cargoUpdateAllLockfiles`, and commit the updated lockfiles.
## Motivation and Context <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here --> Merging the feature branch containing work from the below two PRs: * #4238 * #4224 ## Checklist <!--- If a checkbox below is not applicable, then please DELETE it rather than leaving it unchecked --> - [x] For changes to the AWS SDK, generated SDK code, or SDK runtime crates, I have created a changelog entry Markdown file in the `.changelog` directory, specifying "aws-sdk-rust" in the `applies_to` key. ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._ --------- Co-authored-by: AWS SDK Rust Bot <97246200+aws-sdk-rust-ci@users.noreply.github.com>
…igning names are `bedrock` (#4241) ## Motivation and Context Adds support for environment token provider for AWS services whose SigV4 service signing name matches `bedrock`. Setting this environment variable, `AWS_BEARER_TOKEN_BEDROCK`, allows SDKs to prefer the `httpBearerAuth` auth scheme and to retrieve a `Token` value from the said environment. ## Description Customers would use the environment variable in question like so: ``` // export AWS_BEARER_TOKEN_BEDROCK=my-token let sdk_config = aws_config::defaults(BehaviorVersion::latest()).load().await; let bedrock_client = aws_sdk_bedrock::Client::new(&sdk_config); // call an operation on `bedrock_client`... ``` Under the hood, this is equivalent roughly to ``` let sdk_config = aws_config::defaults(BehaviorVersion::latest()).load().await; let bedrock_config = aws_sdk_bedrock::config::Builder::from(sdk_config) .auth_scheme_preference([HTTP_BEARER_AUTH_SCHEME_ID]) .token_provider(Token::new("my-token", None)) .build(); let bedrock_client = aws_sdk_bedrock::Client::from_conf(bedrock_config); // call an operation on `bedrock_client`... ``` This behind-the-scenes convenience is implemented in `impl From<&SdkConfig> for Builder`, similar to how a service-specific environment is implemented for the [endpoint URL](https://docs.aws.amazon.com/sdkref/latest/guide/feature-ss-endpoints.html#ss-endpoints-envar). However, `impl From<&SdkConfig> for Builder` implies that customers need to create a service client from `SdkConfig` (typically through [ConfigLoader::load](https://docs.rs/aws-config/latest/aws_config/struct.ConfigLoader.html#method.load)) in order to take advantage of the environment variable. If customers create the service client directly from the service config builder, the environment variable will not be applied, i.e. ``` // export AWS_BEARER_TOKEN_BEDROCK=my-token let bedrock_config = aws_sdk_bedrock::Config::builder() // other configurations .build(); let bedrock_client = aws_sdk_bedrock::Client::from_conf(bedrock_config); // `bedrock_client` neither prefers HTTP_BEARER_AUTH_SCHEME_ID nor sets a Token with my-token. ``` ## Testing - Added integration tests for `bedrockruntime` (whose model is already checked in to `aws/sdk/aws-models`) ## Checklist - [x] For changes to the AWS SDK, generated SDK code, or SDK runtime crates, I have created a changelog entry Markdown file in the `.changelog` directory, specifying "aws-sdk-rust" in the `applies_to` key. ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
…4039) ## Motivation and Context <!--- Why is this change required? What problem does it solve? --> Allows users to use decorators to add additional attributes to members of an enum. <!--- If it fixes an open issue, please link to the issue here --> N/A ## Description <!--- Describe your changes in detail --> Adds `EnumSection` with named `AdditionalMemberAttributes` to allow decorators to modify enum codegen. ## Testing <!--- Please describe in detail how you tested your changes --> Could not find existing unit tests for customizations; please advise if you would like them to be added here. Ran `./gradlew` to ensure current tests pass. <!--- Include details of your testing environment, and the tests you ran to --> <!--- see how your change affects other areas of the code, etc. --> ## Checklist <!--- If a checkbox below is not applicable, then please DELETE it rather than leaving it unchecked --> - [X] For changes to the smithy-rs codegen or runtime crates, I have created a changelog entry Markdown file in the `.changelog` directory, specifying "client," "server," or both in the `applies_to` key. ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._ --------- Co-authored-by: Landon James <lnj@amazon.com> Co-authored-by: ysaito1001 <awsaito@amazon.com>
## Motivation and Context <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here --> Fixing bug from #4039. It is breaking the diff generation ([ex](https://github.com/smithy-lang/smithy-rs/actions/runs/16690158842/job/47246940590?pr=4243)) in other PRs. Can't seem to fix it in the other PR since the diff always picks up the older broken revision, so doing a small stand-alone PR to get this in. ## Description <!--- Describe your changes in detail --> ## Testing <!--- Please describe in detail how you tested your changes --> <!--- Include details of your testing environment, and the tests you ran to --> <!--- see how your change affects other areas of the code, etc. --> ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
## Motivation and Context <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here --> Continuing the work started in #4208, the new feature we are utilizing is explained in https://blog.rust-lang.org/inside-rust/2025/07/15/call-for-testing-hint-mostly-unused ## Description <!--- Describe your changes in detail --> Add a new `ManifestHintsDecorator` that allows adding a `[hints]` section to a generated `Cargo.toml`. This also introduces a new optional entry in `smithy-build.json`, `hintsMostlyUnusedList` that allows indicating which crates this should be enabled for. Currently this is only enabled for `aws-sdk-s3`, `aws-sdk-dynamodb`, and `aws-sdk-ec2`. ## Testing <!--- Please describe in detail how you tested your changes --> <!--- Include details of your testing environment, and the tests you ran to --> <!--- see how your change affects other areas of the code, etc. --> I tested both debug and release builds of the crates, with and without the hint on an M1 Macbook Pro. You can see the full data below, but the general outcome is that release builds are ~50% faster with the hint and debug builds are ~40% faster. A release build of the `aws-sdk-ec2` crate went from `124.1s` without the hint to `59.1s` with it. <details><summary>Expand To See Test Data</summary> <p> All tests run after deleting the `target/` dir ## Debug No Hint `cargo build --timings` ``` ||Unit|Total|Codegen|Features| |---|---|---|---|---| |1.|aws-sdk-ec2 v0.0.0-local|104.8s|27.9s (27%)|default, default-https-client, rt-tokio, rustls| |2.|aws-lc-sys v0.30.0 build script (run)|26.1s||prebuilt-nasm| |3.|aws-sdk-s3 v0.0.0-local|21.2s|5.2s (24%)|default, default-https-client, rt-tokio, rustls, sigv4a| |4.|aws-sdk-dynamodb v0.0.0-local|13.7s|4.0s (29%)|default, default-https-client, rt-tokio, rustls| ``` | Unit | Total | Codegen | | ---------------- | ------ | ----------- | | aws-sdk-ec2 | 104.8s | 27.9s (27%) | | aws-sdk-s3 | 21.2s | 5.2s (24%) | | aws-sdk-dynamodb | 13.7s | 4.0s (29%) | ## Debug Hint `cargo +nightly -Zprofile-hint-mostly-unused build --timings` ``` ||Unit|Total|Codegen|Features| |---|---|---|---|---| |1.|aws-sdk-ec2 v0.0.0-local|66.4s|2.4s (4%)|default, default-https-client, rt-tokio, rustls| |2.|aws-lc-sys v0.30.0 build script (run)|25.0s||prebuilt-nasm| |3.|aws-sdk-s3 v0.0.0-local|14.6s|0.8s (5%)|default, default-https-client, rt-tokio, rustls, sigv4a| |4.|aws-sdk-dynamodb v0.0.0-local|9.1s|0.4s (4%)|default, default-https-client, rt-tokio, rustls| ``` | Unit | Total | Codegen | | ---------------- | ----- | --------- | | aws-sdk-ec2 | 66.4s | 2.4s (4%) | | aws-sdk-s3 | 14.6s | 0.8s (5%) | | aws-sdk-dynamodb | 9.1s | 0.4s (4%) | ## Release No Hint `cargo build --timings --release ` ``` ||Unit|Total|Codegen|Features| |---|---|---|---|---| |1.|aws-sdk-ec2 v0.0.0-local|124.1s|54.3s (44%)|default, default-https-client, rt-tokio, rustls| |2.|aws-lc-sys v0.30.0 build script (run)|34.3s||prebuilt-nasm| |3.|aws-sdk-s3 v0.0.0-local|28.5s|11.4s (40%)|default, default-https-client, rt-tokio, rustls, sigv4a| |4.|aws-sdk-dynamodb v0.0.0-local|19.3s|8.5s (44%)|default, default-https-client, rt-tokio, rustls| ``` | Unit | Total | Codegen | | ---------------- | ------ | ----------- | | aws-sdk-ec2 | 124.1s | 54.3s (44%) | | aws-sdk-s3 | 28.5s | 11.4s (40%) | | aws-sdk-dynamodb | 19.3s | 8.5s (44%) | ## Release Hint `cargo +nightly -Zprofile-hint-mostly-unused build --timings --release` ``` ||Unit|Total|Codegen|Features| |---|---|---|---|---| |1.|aws-sdk-ec2 v0.0.0-local|59.1s|1.0s (2%)|default, default-https-client, rt-tokio, rustls| |2.|aws-lc-sys v0.30.0 build script (run)|34.4s||prebuilt-nasm| |3.|aws-sdk-s3 v0.0.0-local|14.7s|0.4s (3%)|default, default-https-client, rt-tokio, rustls, sigv4a| |4.|tokio v1.47.1|11.1s|7.3s (65%)|bytes, default, fs, full, io-std, io-util, libc, macros, mio, net, parking_lot, process, rt, rt-multi-thread, signal, signal-hook-registry, socket2, sync, time, tokio-macros| |5.|aws-sdk-dynamodb v0.0.0-local|10.4s|0.4s (4%)|default, default-https-client, rt-tokio, rustls| ``` | Unit | Total | Codegen | | ---------------- | ----- | --------- | | aws-sdk-ec2 | 59.1s | 1.0s (2%) | | aws-sdk-s3 | 14.7s | 0.4s (3%) | | aws-sdk-dynamodb | 10.4s | 0.4s (4%) | </p> </details> ## Checklist <!--- If a checkbox below is not applicable, then please DELETE it rather than leaving it unchecked --> - [x] For changes to the smithy-rs codegen or runtime crates, I have created a changelog entry Markdown file in the `.changelog` directory, specifying "client," "server," or both in the `applies_to` key. - [x] For changes to the AWS SDK, generated SDK code, or SDK runtime crates, I have created a changelog entry Markdown file in the `.changelog` directory, specifying "aws-sdk-rust" in the `applies_to` key. ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
## Motivation and Context <!--- Why is this change required? What problem does it solve? --> <!--- If it fixes an open issue, please link to the issue here --> ## Description <!--- Describe your changes in detail --> ## Testing <!--- Please describe in detail how you tested your changes --> <!--- Include details of your testing environment, and the tests you ran to --> <!--- see how your change affects other areas of the code, etc. --> ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
A release build of a crate with a dependency on only `aws-sdk-rds` went from 1m34s to 49s with this hint.
A release build of a crate with a dependency on only `aws-sdk-lambda` went from 57s to 40s with this hint.
## Description <!--- Describe your changes in detail --> Yesterday's release failed internally due to sdk-perf benchmark failing to build. This PR updates the lockfiles and adds building the benchmarks to CI to close this gap between internal release pipeline and CI. ---- _By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
cargoUpdateAllLockfiles Fix sigv4 test issues
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
|
A new generated diff is ready to view.
A new doc preview is ready to view. |
aajtodd
approved these changes
Aug 27, 2025
ysaito1001
approved these changes
Aug 27, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation and Context
The
feature/http-1.xbranch has gone several weeks without a merge from main. Catching it back up so it is ready when the server team gets to it.Testing
There are obviously still some failing tests here, but those should all be expected. They fall into two categories:
check-server-*,check-book, andcheck-fuzzgen.Check PR semver complianceandCheck for semver hazards.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.