Merge branch 'main' into merge-smithy-rs-release-1.x.y-to-main

CHANGELOG.next.toml

@@ -32,3 +32,32 @@ result of the compilation."""
 references = ["aws-sdk-rust#975", "smithy-rs#3269"]
 meta = { "breaking" = false, "tada" = true, "bug" = false }
 author = "jdisanti"
+
+[[aws-sdk-rust]]
+message = """Add `test_credentials` to `ConfigLoader` in `aws_config`. This allows the following pattern during tests:
+
+```rust
+async fn main() {
+    let conf = aws_config::defaults(BehaviorVersion::latest())
+        .test_credentials()
+        .await;
+}
+```
+
+This is designed for unit tests and using local mocks like DynamoDB Local and LocalStack with the SDK.
+"""
+meta = { "breaking" = false, "tada" = true, "bug" = false }
+author = "rcoh"
+references = ["smithy-rs#3279", "aws-sdk-rust#971"]
+
+[[aws-sdk-rust]]
+message = "Improve the error messages for when auth fails to select an auth scheme for a request."
+references = ["aws-sdk-rust#979", "smithy-rs#3277"]
+meta = { "breaking" = false, "tada" = false, "bug" = false }
+author = "jdisanti"
+
+[[smithy-rs]]
+message = "Improve the error messages for when auth fails to select an auth scheme for a request."
+references = ["smithy-rs#3277"]
+meta = { "breaking" = false, "tada" = false, "bug" = false, "target" = "client" }
+author = "jdisanti"

aws/rust-runtime/aws-config/Cargo.toml

@@ -12,15 +12,17 @@ repository = "https://github.com/smithy-lang/smithy-rs"
 behavior-version-latest = []
 client-hyper = ["aws-smithy-runtime/connector-hyper-0-14-x"]
 rustls = ["aws-smithy-runtime/tls-rustls", "client-hyper"]
-allow-compilation = [] # our tests use `cargo test --all-features` and native-tls breaks CI
 rt-tokio = ["aws-smithy-async/rt-tokio", "aws-smithy-runtime/rt-tokio", "tokio/rt"]
 sso = ["dep:aws-sdk-sso", "dep:aws-sdk-ssooidc", "dep:ring", "dep:hex", "dep:zeroize", "aws-smithy-runtime-api/http-auth"]
 credentials-process = ["tokio/process"]
 
 default = ["client-hyper", "rustls", "rt-tokio", "credentials-process", "sso"]
 
+# deprecated: this feature does nothing
+allow-compilation = []
+
 [dependencies]
-aws-credential-types = { path = "../../sdk/build/aws-sdk/sdk/aws-credential-types" }
+aws-credential-types = { path = "../../sdk/build/aws-sdk/sdk/aws-credential-types", features = ["test-util"] }
 aws-http = { path = "../../sdk/build/aws-sdk/sdk/aws-http" }
 aws-sdk-sts = { path = "../../sdk/build/aws-sdk/sdk/sts", default-features = false }
 aws-smithy-async = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-async" }
@@ -52,7 +54,6 @@ zeroize = { version = "1", optional = true }
 aws-sdk-ssooidc = { path = "../../sdk/build/aws-sdk/sdk/ssooidc", default-features = false, optional = true }
 
 [dev-dependencies]
-aws-credential-types = { path = "../../sdk/build/aws-sdk/sdk/aws-credential-types", features = ["test-util"] }
 aws-smithy-runtime = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-runtime", features = ["client", "connector-hyper-0-14-x", "test-util"] }
 aws-smithy-runtime-api = { path = "../../sdk/build/aws-sdk/sdk/aws-smithy-runtime-api", features = ["test-util"] }
 futures-util = { version = "0.3.16", default-features = false }

aws/rust-runtime/aws-config/src/lib.rs

@@ -212,6 +212,7 @@ mod loader {
     use crate::profile::profile_file::ProfileFiles;
     use crate::provider_config::ProviderConfig;
     use aws_credential_types::provider::{ProvideCredentials, SharedCredentialsProvider};
+    use aws_credential_types::Credentials;
     use aws_smithy_async::rt::sleep::{default_async_sleep, AsyncSleep, SharedAsyncSleep};
     use aws_smithy_async::time::{SharedTimeSource, TimeSource};
     use aws_smithy_runtime_api::client::behavior_version::BehaviorVersion;
@@ -458,6 +459,10 @@ mod loader {
         /// anonymous auth for S3, calling operations in STS that don't require a signature,
         /// or using token-based auth.
         ///
+        /// **Note**: For tests, e.g. with a service like DynamoDB Local, this is **not** what you
+        /// want. If credentials are disabled, requests cannot be signed. For these use cases, use
+        /// [`test_credentials`](Self::test_credentials).
+        ///
         /// # Examples
         ///
         /// Turn off credentials in order to call a service without signing:
@@ -474,6 +479,11 @@ mod loader {
             self
         }
 
+        /// Set test credentials for use when signing requests
+        pub fn test_credentials(self) -> Self {
+            self.credentials_provider(Credentials::for_tests())
+        }
+
         /// Override the name of the app used to build [`SdkConfig`](aws_types::SdkConfig).
         ///
         /// This _optional_ name is used to identify the application in the user agent that

aws/sdk/integration-tests/dynamodb/tests/auth_scheme_error.rs

@@ -0,0 +1,32 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+use aws_sdk_dynamodb::config::Region;
+use aws_sdk_dynamodb::error::DisplayErrorContext;
+use aws_sdk_dynamodb::{Client, Config};
+use aws_smithy_runtime::assert_str_contains;
+use aws_smithy_runtime::client::http::test_util::capture_request;
+
+#[tokio::test]
+async fn auth_scheme_error() {
+    let (http_client, _) = capture_request(None);
+    let config = Config::builder()
+        .behavior_version_latest()
+        .http_client(http_client)
+        .region(Region::new("us-west-2"))
+        // intentionally omitting credentials_provider
+        .build();
+    let client = Client::from_conf(config);
+
+    let err = client
+        .list_tables()
+        .send()
+        .await
+        .expect_err("there is no credential provider, so this must fail");
+    assert_str_contains!(
+        DisplayErrorContext(&err).to_string(),
+        "\"sigv4\" wasn't a valid option because there was no identity resolver for it. Be sure to set an identity"
+    );
+}