smithy-lang · syall · Aug 18, 2023 · Aug 18, 2023 · Aug 18, 2023
@@ -47,4 +47,5 @@ dependencies {
     implementation(project(":smithy-typescript-ssdk-codegen-test-utils"))
     implementation("software.amazon.smithy:smithy-waiters:$smithyVersion")
     implementation("software.amazon.smithy:smithy-protocol-test-traits:$smithyVersion")
+    implementation("software.amazon.smithy:smithy-aws-traits:$smithyVersion")
 }
@@ -2,20 +2,59 @@ $version: "2.0"
 
 namespace example.weather
 
+use aws.auth#sigv4
 use smithy.test#httpRequestTests
 use smithy.test#httpResponseTests
 use smithy.waiters#waitable
 
 /// Provides weather forecasts.
 @fakeProtocol
 @httpApiKeyAuth(name: "X-Api-Key", in: "header")
+@httpBearerAuth
+@sigv4(name: "weather")
+@auth([sigv4])
 @paginated(inputToken: "nextToken", outputToken: "nextToken", pageSize: "pageSize")
 service Weather {
     version: "2006-03-01"
     resources: [City]
-    operations: [GetCurrentTime, Invoke]
+    operations: [
+        GetCurrentTime
+        // util-stream.integ.spec.ts
+        Invoke
+        // experimentalIdentityAndAuth
+        OnlyHttpApiKeyAuth
+        OnlyHttpBearerAuth
+        OnlyHttpApiKeyAndBearerAuth
+        OnlyHttpApiKeyAndBearerAuthReversed
+        OnlyHttpApiKeyAuthOptional
+        SameAsService
+    ]
 }
 
+@http(method: "GET", uri: "/OnlyHttpApiKeyAuth")
+@auth([httpApiKeyAuth])
+operation OnlyHttpApiKeyAuth {}
+
+@http(method: "GET", uri: "/OnlyHttpBearerAuth")
+@auth([httpBearerAuth])
+operation OnlyHttpBearerAuth {}
+
+@http(method: "GET", uri: "/OnlyHttpApiKeyAndBearerAuth")
+@auth([httpApiKeyAuth, httpBearerAuth])
+operation OnlyHttpApiKeyAndBearerAuth {}
+
+@http(method: "GET", uri: "/OnlyHttpApiKeyAndBearerAuthReversed")
+@auth([httpBearerAuth, httpApiKeyAuth])
+operation OnlyHttpApiKeyAndBearerAuthReversed {}
+
+@http(method: "GET", uri: "/OnlyHttpApiKeyAuthOptional")
+@auth([httpApiKeyAuth])
+@optionalAuth
+operation OnlyHttpApiKeyAuthOptional {}
+
+@http(method: "GET", uri: "/SameAsService")
+operation SameAsService {}
+
 resource City {
     identifiers: {cityId: CityId}
     create: CreateCity

@@ -18,15 +18,14 @@
 import java.nio.file.Paths;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Set;
 import java.util.function.BiConsumer;
 import java.util.function.Consumer;
 import software.amazon.smithy.codegen.core.Symbol;
 import software.amazon.smithy.model.Model;
 import software.amazon.smithy.model.knowledge.ServiceIndex;
-import software.amazon.smithy.model.knowledge.TopDownIndex;
 import software.amazon.smithy.model.shapes.OperationShape;
 import software.amazon.smithy.model.shapes.ServiceShape;
+import software.amazon.smithy.model.shapes.ShapeId;
 import software.amazon.smithy.model.traits.HttpApiKeyAuthTrait;
 import software.amazon.smithy.model.traits.OptionalAuthTrait;
 import software.amazon.smithy.typescript.codegen.CodegenUtils;
@@ -93,10 +92,7 @@ public List<RuntimeClientPlugin> getClientPlugins() {
                             s.expectTrait(HttpApiKeyAuthTrait.class).getScheme().ifPresent(scheme ->
                                     put("scheme", scheme));
                     }})
-                    .operationPredicate((m, s, o) -> ServiceIndex.of(m).getEffectiveAuthSchemes(s, o)
-                            .keySet()
-                            .contains(HttpApiKeyAuthTrait.ID)
-                            && !o.hasTrait(OptionalAuthTrait.class))
+                    .operationPredicate((m, s, o) -> hasEffectiveHttpApiKeyAuthTrait(m, s, o))
                     .settingsPredicate((m, s, settings) -> !settings.getExperimentalIdentityAndAuth())
                     .build()
         );
@@ -170,28 +166,33 @@ private void writeAdditionalExports(
         }
     }
 
-    // The service has the effective trait if it's in the "effective auth schemes" response
-    // AND if not all of the operations have the optional auth trait.
-    private static boolean hasEffectiveHttpApiKeyAuthTrait(Model model, ServiceShape service) {
-        return ServiceIndex.of(model).getEffectiveAuthSchemes(service)
-                .keySet()
-                .contains(HttpApiKeyAuthTrait.ID)
-                && !areAllOptionalAuthOperations(model, service);
+    // If no operations use it, then the service doesn't use it
+    private static boolean hasEffectiveHttpApiKeyAuthTrait(
+        Model model,
+        ServiceShape service
+    ) {
+        ServiceIndex serviceIndex = ServiceIndex.of(model);
+        for (ShapeId id : service.getAllOperations()) {
+            OperationShape operation = model.expectShape(id, OperationShape.class);
+            if (operation.hasTrait(OptionalAuthTrait.ID)) {
+                continue;
+            }
+            if (serviceIndex.getEffectiveAuthSchemes(service, operation).containsKey(HttpApiKeyAuthTrait.ID)) {
+                return true;
+            }
+        }
+        return false;
     }
 
-
-    // This is derived from https://github.com/aws/aws-sdk-js-v3/blob/main/codegen/smithy-aws-typescript-codegen/src/main/java/software/amazon/smithy/aws/typescript/codegen/AddAwsAuthPlugin.java.
-    private static boolean areAllOptionalAuthOperations(Model model, ServiceShape service) {
-        TopDownIndex topDownIndex = TopDownIndex.of(model);
-        Set<OperationShape> operations = topDownIndex.getContainedOperations(service);
-        ServiceIndex index = ServiceIndex.of(model);
-
-        for (OperationShape operation : operations) {
-            if (index.getEffectiveAuthSchemes(service, operation).isEmpty()
-                    || !operation.hasTrait(OptionalAuthTrait.class)) {
-                return false;
-            }
+    private static boolean hasEffectiveHttpApiKeyAuthTrait(
+        Model model,
+        ServiceShape service,
+        OperationShape operation
+    ) {
+        if (operation.hasTrait(OptionalAuthTrait.class)) {
+            return false;
         }
-        return true;
+        return ServiceIndex.of(model)
+            .getEffectiveAuthSchemes(service, operation).containsKey(HttpApiKeyAuthTrait.ID);
     }
 }