From 72ae1a00783d80987a8d85cf22804e3ea98ef460 Mon Sep 17 00:00:00 2001 From: sbiscigl Date: Tue, 31 Mar 2026 12:07:37 -0400 Subject: [PATCH 1/2] enable HTTPS_PROXY var for crt credentials providers --- .../auth/ProfileCredentialsProvider.cpp | 27 ++++++++++++++++--- .../source/auth/STSCredentialsProvider.cpp | 8 ++++++ 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp index 04878b34916e..7ce8c7109db8 100644 --- a/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp +++ b/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp @@ -1,9 +1,15 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ +#include #include #include #include #include #include #include +#include #include @@ -17,6 +23,23 @@ const char PROFILE_AWS_CREDENTIALS_FILE[] = "AWS_SHARED_CREDENTIALS_FILE"; const char PROFILE_DEFAULT_CREDENTIALS_FILE[] = "credentials"; const char PROFILE_PROFILE_DIRECTORY[] = ".aws"; const long DEFAULT_REFRESH_RATE_MS = 300000; + +std::shared_ptr GetProfileCrtProvider(const char* profile) { + CredentialsProviderProfileConfig config{}; + config.ProfileNameOverride = Aws::Crt::ByteCursorFromCString(profile); + config.Bootstrap = Aws::GetDefaultClientBootstrap(); + + Aws::Crt::Http::ProxyEnvVarOptions options{}; + options.proxyEnvVarType = Aws::Crt::Http::ProxyEnvVarType::Enabled; + options.connectionType = Aws::Crt::Http::AwsHttpProxyConnectionType::Legacy; + const auto tlsOptions = Aws::GetDefaultTlsConnectionOptions(); + if (tlsOptions) { + options.TlsOptions = *tlsOptions; + } + config.ProxyEnvVarOptions = options; + + return CredentialsProvider::CreateCredentialsProviderProfile(config); +} } // namespace class ProfileCredentialsProvider::ProfileCredentialsProviderImp : public CrtCredentialsProvider { @@ -32,9 +55,7 @@ class ProfileCredentialsProvider::ProfileCredentialsProviderImp : public CrtCred ProfileCredentialsProviderImp(const char* profile) : CrtCredentialsProvider( [profile]() -> std::shared_ptr { - CredentialsProviderProfileConfig config; - config.ProfileNameOverride = Aws::Crt::ByteCursorFromCString(profile); - return CredentialsProvider::CreateCredentialsProviderProfile(config); + return GetProfileCrtProvider(profile); }, std::chrono::milliseconds(DEFAULT_REFRESH_RATE_MS), UserAgentFeature::CREDENTIALS_PROFILE, "ProfileCredentialsProvider") {} diff --git a/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp index 86833a144e20..b7180d46a84a 100644 --- a/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp +++ b/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp @@ -35,6 +35,14 @@ std::shared_ptr GetSTSCrtProvider( }() .c_str(); + Aws::Crt::Http::ProxyEnvVarOptions options{}; + options.proxyEnvVarType = Aws::Crt::Http::ProxyEnvVarType::Enabled; + options.connectionType = Aws::Crt::Http::AwsHttpProxyConnectionType::Legacy; + if (tlsOptions) { + options.TlsOptions = *tlsOptions; + } + stsConfig.ProxyEnvVarOptions = options; + return Aws::Crt::Auth::CredentialsProvider::CreateCredentialsProviderSTSWebIdentity(stsConfig); } } // namespace From 32df66d342dc7e2e2cfcd2e9b65354b200555a1a Mon Sep 17 00:00:00 2001 From: sbiscigl Date: Wed, 20 May 2026 17:03:57 -0400 Subject: [PATCH 2/2] wip - fix the problems --- .../core/auth/ProfileCredentialsProvider.h | 7 ++ .../aws/core/client/ClientConfiguration.h | 15 ++++ .../auth/AWSCredentialsProviderChain.cpp | 2 +- .../auth/ProfileCredentialsProvider.cpp | 40 +++++++---- .../source/auth/STSCredentialsProvider.cpp | 69 ++++++++++--------- .../source/client/ClientConfiguration.cpp | 10 +++ .../velocity/cpp/ServiceClientSourceInit.vm | 2 +- .../ServiceClientSourceLegacyConstructors.vm | 2 +- .../cpp/smithy/SmithyClientSourceInit.vm | 26 +++---- 9 files changed, 112 insertions(+), 61 deletions(-) diff --git a/src/aws-cpp-sdk-core/include/aws/core/auth/ProfileCredentialsProvider.h b/src/aws-cpp-sdk-core/include/aws/core/auth/ProfileCredentialsProvider.h index 45b8d7513010..daaf9e8d17a2 100644 --- a/src/aws-cpp-sdk-core/include/aws/core/auth/ProfileCredentialsProvider.h +++ b/src/aws-cpp-sdk-core/include/aws/core/auth/ProfileCredentialsProvider.h @@ -1,6 +1,7 @@ #pragma once #include +#include #include #include #include @@ -25,6 +26,12 @@ class AWS_CORE_API ProfileCredentialsProvider : public AWSCredentialsProvider { */ ProfileCredentialsProvider(const char* profile, long refreshRateMs = REFRESH_THRESHOLD); + /** + * Initializes from a CredentialProviderConfiguration so settings such as allowSystemProxy can flow through. + */ + ProfileCredentialsProvider(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& config, + long refreshRateMs = REFRESH_THRESHOLD); + /** * Retrieves the credentials if found, otherwise returns empty credential set. */ diff --git a/src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h b/src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h index 203022fa2253..d794985357ad 100644 --- a/src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h +++ b/src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h @@ -526,6 +526,13 @@ namespace Aws */ Aws::String region; + /** + * Allow CRT-based credential providers to honor HTTP_PROXY / HTTPS_PROXY / NO_PROXY environment + * variables when fetching credentials. Off by default to mirror ClientConfiguration::allowSystemProxy + * and avoid silently routing credential traffic through an unintended proxy. + */ + bool allowSystemProxy = false; + /** * IMDS configuration settings */ @@ -597,6 +604,14 @@ namespace Aws } loginCredentialProviderConfig; } credentialProviderConfig; + /** + * Returns a copy of credentialProviderConfig with parent fields (such as allowSystemProxy) re-synced + * from their current values on this ClientConfiguration. Use this at the point of constructing a + * credentials provider so post-construction assignments to parent fields are picked up; reading + * credentialProviderConfig directly captures values from ClientConfiguration construction time only. + */ + CredentialProviderConfiguration ResolveCredentialProviderConfig() const; + /** * Authentication scheme preferences in order of preference. * First available auth scheme will be used for each operation. diff --git a/src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp b/src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp index c40e7bd34ebe..d2ea774faf8b 100644 --- a/src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp +++ b/src/aws-cpp-sdk-core/source/auth/AWSCredentialsProviderChain.cpp @@ -90,7 +90,7 @@ DefaultAWSCredentialsProviderChain::DefaultAWSCredentialsProviderChain() : AWSCr DefaultAWSCredentialsProviderChain::DefaultAWSCredentialsProviderChain(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& config) : AWSCredentialsProviderChain() { AddProvider(Aws::MakeShared(DefaultCredentialsProviderChainTag)); - AddProvider(Aws::MakeShared(DefaultCredentialsProviderChainTag,config.profile.c_str())); + AddProvider(Aws::MakeShared(DefaultCredentialsProviderChainTag, config)); AddProvider(Aws::MakeShared(DefaultCredentialsProviderChainTag, config)); AddProvider(Aws::MakeShared(DefaultCredentialsProviderChainTag,config.profile)); AddProvider(Aws::MakeShared(DefaultCredentialsProviderChainTag, config)); diff --git a/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp index 7ce8c7109db8..b37ead67edda 100644 --- a/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp +++ b/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp @@ -24,19 +24,25 @@ const char PROFILE_DEFAULT_CREDENTIALS_FILE[] = "credentials"; const char PROFILE_PROFILE_DIRECTORY[] = ".aws"; const long DEFAULT_REFRESH_RATE_MS = 300000; -std::shared_ptr GetProfileCrtProvider(const char* profile) { +std::shared_ptr GetProfileCrtProvider( + const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialsConfig) { CredentialsProviderProfileConfig config{}; - config.ProfileNameOverride = Aws::Crt::ByteCursorFromCString(profile); + config.ProfileNameOverride = Aws::Crt::ByteCursorFromCString(credentialsConfig.profile.c_str()); config.Bootstrap = Aws::GetDefaultClientBootstrap(); - - Aws::Crt::Http::ProxyEnvVarOptions options{}; - options.proxyEnvVarType = Aws::Crt::Http::ProxyEnvVarType::Enabled; - options.connectionType = Aws::Crt::Http::AwsHttpProxyConnectionType::Legacy; const auto tlsOptions = Aws::GetDefaultTlsConnectionOptions(); if (tlsOptions) { - options.TlsOptions = *tlsOptions; + config.TlsConnectionOptions = *tlsOptions; + } + + if (credentialsConfig.allowSystemProxy) { + Aws::Crt::Http::ProxyEnvVarOptions options{}; + options.proxyEnvVarType = Aws::Crt::Http::ProxyEnvVarType::Enabled; + options.connectionType = Aws::Crt::Http::AwsHttpProxyConnectionType::Legacy; + if (tlsOptions) { + options.TlsOptions = *tlsOptions; + } + config.ProxyEnvVarOptions = options; } - config.ProxyEnvVarOptions = options; return CredentialsProvider::CreateCredentialsProviderProfile(config); } @@ -52,10 +58,10 @@ class ProfileCredentialsProvider::ProfileCredentialsProviderImp : public CrtCred }, std::chrono::milliseconds(DEFAULT_REFRESH_RATE_MS), UserAgentFeature::CREDENTIALS_PROFILE, "ProfileCredentialsProvider") {} - ProfileCredentialsProviderImp(const char* profile) + ProfileCredentialsProviderImp(const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialsConfig) : CrtCredentialsProvider( - [profile]() -> std::shared_ptr { - return GetProfileCrtProvider(profile); + [credentialsConfig]() -> std::shared_ptr { + return GetProfileCrtProvider(credentialsConfig); }, std::chrono::milliseconds(DEFAULT_REFRESH_RATE_MS), UserAgentFeature::CREDENTIALS_PROFILE, "ProfileCredentialsProvider") {} @@ -84,8 +90,16 @@ ProfileCredentialsProvider::ProfileCredentialsProvider(long refreshRateMs) : m_i AWS_UNREFERENCED_PARAM(refreshRateMs); } -ProfileCredentialsProvider::ProfileCredentialsProvider(const char* profile, long refreshRateMs) - : m_impl(std::make_shared(profile)) { +ProfileCredentialsProvider::ProfileCredentialsProvider(const char* profile, long refreshRateMs) { + Aws::Client::ClientConfiguration::CredentialProviderConfiguration credentialsConfig{}; + credentialsConfig.profile = profile; + m_impl = std::make_shared(credentialsConfig); + AWS_UNREFERENCED_PARAM(refreshRateMs); +} + +ProfileCredentialsProvider::ProfileCredentialsProvider( + const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialsConfig, long refreshRateMs) + : m_impl(std::make_shared(credentialsConfig)) { AWS_UNREFERENCED_PARAM(refreshRateMs); } diff --git a/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp index b7180d46a84a..e8d24c2b407b 100644 --- a/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp +++ b/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp @@ -18,8 +18,6 @@ std::shared_ptr GetSTSCrtProvider( Aws::Crt::Io::ClientBootstrap* defaultClientBootstrap) { Aws::Crt::Auth::CredentialsProviderSTSWebIdentityConfig stsConfig{}; stsConfig.Bootstrap = defaultClientBootstrap; - Aws::Crt::Io::TlsContextOptions tlsCtxOptions = Aws::Crt::Io::TlsContextOptions::InitDefaultClient(); - const Aws::Crt::Io::TlsContext tlsContext(tlsCtxOptions, Aws::Crt::Io::TlsMode::CLIENT); const auto tlsOptions = Aws::GetDefaultTlsConnectionOptions(); if (tlsOptions) { stsConfig.TlsConnectionOptions = *tlsOptions; @@ -35,26 +33,18 @@ std::shared_ptr GetSTSCrtProvider( }() .c_str(); - Aws::Crt::Http::ProxyEnvVarOptions options{}; - options.proxyEnvVarType = Aws::Crt::Http::ProxyEnvVarType::Enabled; - options.connectionType = Aws::Crt::Http::AwsHttpProxyConnectionType::Legacy; - if (tlsOptions) { - options.TlsOptions = *tlsOptions; + if (credentialsConfig.allowSystemProxy) { + Aws::Crt::Http::ProxyEnvVarOptions options{}; + options.proxyEnvVarType = Aws::Crt::Http::ProxyEnvVarType::Enabled; + options.connectionType = Aws::Crt::Http::AwsHttpProxyConnectionType::Legacy; + if (tlsOptions) { + options.TlsOptions = *tlsOptions; + } + stsConfig.ProxyEnvVarOptions = options; } - stsConfig.ProxyEnvVarOptions = options; return Aws::Crt::Auth::CredentialsProvider::CreateCredentialsProviderSTSWebIdentity(stsConfig); } -} // namespace - -STSAssumeRoleWebIdentityCredentialsProvider::STSAssumeRoleWebIdentityCredentialsProvider( - const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialsConfig) - : CrtCredentialsProvider{[&credentialsConfig]() -> std::shared_ptr { - return GetSTSCrtProvider(credentialsConfig, GetDefaultClientBootstrap()); - }, - credentialsConfig.stsCredentialsProviderConfig.retrieveCredentialsFutureTimeout, - Aws::Client::UserAgentFeature::CREDENTIALS_STS_WEB_IDENTITY_TOKEN, - "STSAssumeRoleWebIdentityCredentialsProvider"} {} Aws::String GetLegacySettingFromEnvOrProfile(const Aws::String& envVar, std::function profileFetchFunction) { @@ -66,20 +56,35 @@ Aws::String GetLegacySettingFromEnvOrProfile(const Aws::String& envVar, return value; } +Aws::Client::ClientConfiguration::CredentialProviderConfiguration BuildLegacyConfig() { + Aws::Client::ClientConfiguration::CredentialProviderConfiguration config{}; + config.profile = Aws::Auth::GetConfigProfileName(); + config.region = GetLegacySettingFromEnvOrProfile( + "AWS_DEFAULT_REGION", + [](const Aws::Config::Profile& profile) -> Aws::String { return profile.GetRegion(); }); + config.stsCredentialsProviderConfig.roleArn = GetLegacySettingFromEnvOrProfile( + "AWS_ROLE_ARN", + [](const Aws::Config::Profile& profile) -> Aws::String { return profile.GetRoleArn(); }); + config.stsCredentialsProviderConfig.sessionName = GetLegacySettingFromEnvOrProfile( + "AWS_ROLE_SESSION_NAME", + [](const Aws::Config::Profile& profile) -> Aws::String { return profile.GetValue("role_session_name"); }); + config.stsCredentialsProviderConfig.tokenFilePath = GetLegacySettingFromEnvOrProfile( + "AWS_WEB_IDENTITY_TOKEN_FILE", + [](const Aws::Config::Profile& profile) -> Aws::String { return profile.GetValue("web_identity_token_file"); }); + return config; +} +} // namespace + +STSAssumeRoleWebIdentityCredentialsProvider::STSAssumeRoleWebIdentityCredentialsProvider( + const Aws::Client::ClientConfiguration::CredentialProviderConfiguration& credentialsConfig) + : CrtCredentialsProvider{[&credentialsConfig]() -> std::shared_ptr { + return GetSTSCrtProvider(credentialsConfig, GetDefaultClientBootstrap()); + }, + credentialsConfig.stsCredentialsProviderConfig.retrieveCredentialsFutureTimeout, + Aws::Client::UserAgentFeature::CREDENTIALS_STS_WEB_IDENTITY_TOKEN, + "STSAssumeRoleWebIdentityCredentialsProvider"} {} + STSAssumeRoleWebIdentityCredentialsProvider::STSAssumeRoleWebIdentityCredentialsProvider() - : STSAssumeRoleWebIdentityCredentialsProvider(Aws::Client::ClientConfiguration::CredentialProviderConfiguration{ - Aws::Auth::GetConfigProfileName(), - GetLegacySettingFromEnvOrProfile("AWS_DEFAULT_REGION", - [](const Aws::Config::Profile& profile) -> Aws::String { return profile.GetRegion(); }), - {}, - {GetLegacySettingFromEnvOrProfile("AWS_ROLE_ARN", - [](const Aws::Config::Profile& profile) -> Aws::String { return profile.GetRoleArn(); }), - GetLegacySettingFromEnvOrProfile( - "AWS_ROLE_SESSION_NAME", - [](const Aws::Config::Profile& profile) -> Aws::String { return profile.GetValue("role_session_name"); }), - GetLegacySettingFromEnvOrProfile( - "AWS_WEB_IDENTITY_TOKEN_FILE", - [](const Aws::Config::Profile& profile) -> Aws::String { return profile.GetValue("web_identity_token_file"); })}, - {}}) {} + : STSAssumeRoleWebIdentityCredentialsProvider(BuildLegacyConfig()) {} STSAssumeRoleWebIdentityCredentialsProvider::~STSAssumeRoleWebIdentityCredentialsProvider() = default; diff --git a/src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp b/src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp index cc805c69eb99..db9f18b24f09 100644 --- a/src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp +++ b/src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp @@ -649,5 +649,15 @@ Aws::String ClientConfiguration::LoadConfigFromEnvOrProfileCaseSensitive(const A return option; } +ClientConfiguration::CredentialProviderConfiguration ClientConfiguration::ResolveCredentialProviderConfig() const +{ + auto resolved = credentialProviderConfig; + resolved.region = region; + resolved.profile = profileName; + resolved.imdsConfig.disableImds = disableIMDS; + resolved.allowSystemProxy = allowSystemProxy; + return resolved; +} + } // namespace Client } // namespace Aws diff --git a/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/ServiceClientSourceInit.vm b/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/ServiceClientSourceInit.vm index 1790077f3037..010c819a7a95 100644 --- a/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/ServiceClientSourceInit.vm +++ b/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/ServiceClientSourceInit.vm @@ -63,7 +63,7 @@ #set($AdditionalServiceSpecificConfigLoadString = "Load${metadata.classNamePrefix}SpecificConfig(config);") #end #set($clientConfigurationNamespace = "Aws::Client") -#set($defaultCredentialsProviderChainParam = "Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.credentialProviderConfig)") +#set($defaultCredentialsProviderChainParam = "Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.ResolveCredentialProviderConfig())") #set($s3ExpressIdentityProviderParam = "clientConfiguration.identityProviderSupplier(*this)") #set($simpleCredentialsProviderParam = "Aws::MakeShared(ALLOCATION_TAG, credentials)") #set($hasEventStreamInputOperation = $serviceModel.hasStreamingRequestShapes()) diff --git a/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/ServiceClientSourceLegacyConstructors.vm b/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/ServiceClientSourceLegacyConstructors.vm index b9f0921d3852..af6a3d5a726a 100644 --- a/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/ServiceClientSourceLegacyConstructors.vm +++ b/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/ServiceClientSourceLegacyConstructors.vm @@ -57,7 +57,7 @@ #set($AdditionalServiceSpecificConfigLoadString = "Load${metadata.classNamePrefix}SpecificConfig(config);") #end #set($clientConfigurationNamespace = "Aws::Client") -#set($defaultCredentialsProviderChainParam = "Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.credentialProviderConfig)") +#set($defaultCredentialsProviderChainParam = "Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.ResolveCredentialProviderConfig())") #set($simpleCredentialsProviderParam = "Aws::MakeShared(ALLOCATION_TAG, credentials)") #set($hasEventStreamInputOperation = $serviceModel.hasStreamingRequestShapes()) #set($signerToMake = "AWSAuthV4Signer") diff --git a/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/smithy/SmithyClientSourceInit.vm b/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/smithy/SmithyClientSourceInit.vm index 65d371f16197..fd54126b9f59 100644 --- a/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/smithy/SmithyClientSourceInit.vm +++ b/tools/code-generation/generator/src/main/resources/com/amazonaws/util/awsclientgenerator/velocity/cpp/smithy/SmithyClientSourceInit.vm @@ -63,7 +63,7 @@ ${className}::${className}(const ${clientConfiguration}& clientConfiguration, { #if($serviceModel.metadata.serviceId == "S3") [&]() -> Aws::UnorderedMap > { - auto credsResolver = Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.credentialProviderConfig); + auto credsResolver = Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.ResolveCredentialProviderConfig()); return { #foreach($entry in $AuthSchemeMapEntries) #if($AuthSchemes && $AuthSchemes[$foreach.index] == $s3_express_auth) @@ -77,9 +77,9 @@ ${className}::${className}(const ${clientConfiguration}& clientConfiguration, #else #foreach($entry in $AuthSchemeMapEntries) #if($entry.contains("smithy::BearerTokenAuthScheme") && $serviceModel.metadata.signingName == "bedrock") - {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.credentialProviderConfig), GetServiceName(), clientConfiguration.region}}, + {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.ResolveCredentialProviderConfig()), GetServiceName(), clientConfiguration.region}}, #else - {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.credentialProviderConfig}}, + {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.ResolveCredentialProviderConfig()}}, #end #end #end @@ -124,9 +124,9 @@ ${className}::${className}(const AWSCredentials& credentials, {${entry}{Aws::MakeShared(ALLOCATION_TAG, credentials), GetServiceName(), clientConfiguration.region}}, #else #if($serviceModel.metadata.signingName == "bedrock") - {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.credentialProviderConfig), GetServiceName(), clientConfiguration.region}} + {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.ResolveCredentialProviderConfig()), GetServiceName(), clientConfiguration.region}} #else - {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.credentialProviderConfig}} + {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.ResolveCredentialProviderConfig()}} #end #end #end @@ -192,7 +192,7 @@ ${className}::${className}(const Aws::Client::ClientConfiguration& clientConfigu Aws::MakeShared<${AuthSchemeResolver}>(ALLOCATION_TAG), { [&]() -> Aws::UnorderedMap > { - auto credsResolver = Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.credentialProviderConfig); + auto credsResolver = Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.ResolveCredentialProviderConfig()); return { #foreach($entry in $AuthSchemeMapEntries) #if($AuthSchemes && $AuthSchemes[$foreach.index] == $s3_express_auth) @@ -275,7 +275,7 @@ ${className}::${className}(const ${className} &rhs) : Aws::Client::ClientWithAsyncTemplateMethods(), AwsSmithyClientT(rhs) { m_authSchemes = [&]() -> Aws::UnorderedMap > { - auto credsResolver = Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.credentialProviderConfig); + auto credsResolver = Aws::MakeShared(ALLOCATION_TAG, clientConfiguration.ResolveCredentialProviderConfig()); return { #foreach($entry in $AuthSchemeMapEntries) #if($AuthSchemes && $AuthSchemes[$foreach.index] == $s3_express_auth) @@ -306,9 +306,9 @@ ${className}::${className}(const Aws::Client::ClientConfiguration& clientConfigu { #foreach($entry in $AuthSchemeMapEntries) #if($entry.contains("smithy::BearerTokenAuthScheme") && $serviceModel.metadata.signingName == "bedrock") - {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.credentialProviderConfig), GetServiceName(), clientConfiguration.region}}, + {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.ResolveCredentialProviderConfig()), GetServiceName(), clientConfiguration.region}}, #else - {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.credentialProviderConfig}}, + {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.ResolveCredentialProviderConfig()}}, #end #end }) @@ -333,9 +333,9 @@ ${className}::${className}(const AWSCredentials& credentials, {$entry{Aws::MakeShared(ALLOCATION_TAG, credentials), GetServiceName(), clientConfiguration.region}}, #else #if($entry.contains("smithy::BearerTokenAuthScheme") && $serviceModel.metadata.signingName == "bedrock") - {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.credentialProviderConfig), GetServiceName(), clientConfiguration.region}}, + {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.ResolveCredentialProviderConfig()), GetServiceName(), clientConfiguration.region}}, #else - {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.credentialProviderConfig}} + {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.ResolveCredentialProviderConfig()}} #end #end @@ -361,9 +361,9 @@ ${className}::${className}(const std::shared_ptr& creden {$entry{Aws::MakeShared(ALLOCATION_TAG, credentialsProvider), GetServiceName(), clientConfiguration.region}}, #else #if($serviceModel.metadata.serviceId == "Bedrock" || $serviceModel.metadata.serviceId == "Bedrock Runtime" || $serviceModel.metadata.serviceId == "Bedrock Agent" || $serviceModel.metadata.serviceId == "Bedrock Agent Runtime") - {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.credentialProviderConfig), GetServiceName(), clientConfiguration.region}} + {${entry}{Aws::MakeShared<${metadata.classNamePrefix}AwsBearerTokenIdentityResolver>("BearerTokenAuthScheme", clientConfiguration.ResolveCredentialProviderConfig()), GetServiceName(), clientConfiguration.region}} #else - {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.credentialProviderConfig}} + {${entry}{GetServiceName(), clientConfiguration.region, clientConfiguration.ResolveCredentialProviderConfig()}} #end #end #end