Update service clients to remove usage of fallback credentials factory

generator/ServiceClientGeneratorLib/GeneratorDriver.cs

@@ -119,7 +119,7 @@ public class GeneratorDriver
         /// This is an allow-list for now (to prevent creating >400 files), but will be updated to a deny-list in the future (only a handful
         /// of services such as S3 and EventBridge won't use modeled auth resolvers).
         /// </remarks>
-        private static readonly HashSet<string> _allowListModeledAuthResolvers = new HashSet<string>
+        public static readonly HashSet<string> AllowListModeledAuthResolvers = new HashSet<string>
         {
             "AutoScaling",
         };
@@ -209,7 +209,7 @@ public void Execute()
                 ExecuteTestGenerator(new EndpointProviderTests(), Configuration.ClassName + "EndpointProviderTests.cs", "Endpoints");
             }
 
-            if (_allowListModeledAuthResolvers.Contains(Configuration.ClassName))
+            if (AllowListModeledAuthResolvers.Contains(Configuration.ClassName))
             {
                 ExecuteGenerator(new ModeledResolver(), "Amazon" + Configuration.ClassName + "AuthResolver.cs", "Internal");
             }

generator/ServiceClientGeneratorLib/Generators/SourceFiles/ServiceClientsNetFramework.tt

@@ -80,7 +80,11 @@ namespace <#=this.Config.Namespace#>
         ///
         /// </summary>
         public Amazon<#=this.Config.ClassName#>Client()
+<# if (GeneratorDriver.AllowListModeledAuthResolvers.Contains(this.Config.ClassName)) {#>
+            : base(new Amazon<#=this.Config.ClassName#>Config()) { }
+<#} else {#>
             : base(FallbackCredentialsFactory.GetCredentials(<#= fallbackToAnonymousCredentials ? "fallbackToAnonymous: true" : ""#>), new Amazon<#=this.Config.ClassName#>Config()) { }
+<#}#>
 
         /// <summary>
         /// Constructs Amazon<#=this.Config.ClassName#>Client with the credentials loaded from the application's
@@ -99,7 +103,11 @@ namespace <#=this.Config.Namespace#>
         /// </summary>
         /// <param name="region">The region to connect.</param>
         public Amazon<#=this.Config.ClassName#>Client(RegionEndpoint region)
+<# if (GeneratorDriver.AllowListModeledAuthResolvers.Contains(this.Config.ClassName)) { #>
+            : base(new Amazon<#=this.Config.ClassName#>Config{RegionEndpoint = region}) { }
+<#} else {#>
             : base(FallbackCredentialsFactory.GetCredentials(<#= fallbackToAnonymousCredentials ? "fallbackToAnonymous: true" : ""#>), new Amazon<#=this.Config.ClassName#>Config{RegionEndpoint = region}) { }
+<#}#>
 
         /// <summary>
         /// Constructs Amazon<#=this.Config.ClassName#>Client with the credentials loaded from the application's
@@ -118,7 +126,11 @@ namespace <#=this.Config.Namespace#>
         /// </summary>
         /// <param name="config">The Amazon<#=this.Config.ClassName#>Client Configuration Object</param>
         public Amazon<#=this.Config.ClassName#>Client(Amazon<#=this.Config.ClassName#>Config config)
+<# if (GeneratorDriver.AllowListModeledAuthResolvers.Contains(this.Config.ClassName)) { #>
+            : base(config) { }
+<#} else {#>
             : base(FallbackCredentialsFactory.GetCredentials(config<#= fallbackToAnonymousCredentials ? ", fallbackToAnonymous: true" : ""#>), config){}
+<#}#>
 
         /// <summary>
         /// Constructs Amazon<#=this.Config.ClassName#>Client with AWS Credentials

generator/ServiceClientGeneratorLib/Generators/SourceFiles/ServiceClientsNetStandard.tt

@@ -57,7 +57,11 @@ namespace <#=this.Config.Namespace#>
         ///
         /// </summary>
         public Amazon<#=this.Config.ClassName#>Client()
+<# if (GeneratorDriver.AllowListModeledAuthResolvers.Contains(this.Config.ClassName)) {#>
+            : base(new Amazon<#=this.Config.ClassName#>Config()) { }
+<#} else {#>
             : base(FallbackCredentialsFactory.GetCredentials(<#= fallbackToAnonymousCredentials ? "fallbackToAnonymous: true" : ""#>), new Amazon<#=this.Config.ClassName#>Config()) { }
+<#}#>
 
         /// <summary>
         /// Constructs Amazon<#=this.Config.ClassName#>Client with the credentials loaded from the application's
@@ -76,7 +80,11 @@ namespace <#=this.Config.Namespace#>
         /// </summary>
         /// <param name="region">The region to connect.</param>
         public Amazon<#=this.Config.ClassName#>Client(RegionEndpoint region)
+<# if (GeneratorDriver.AllowListModeledAuthResolvers.Contains(this.Config.ClassName)) { #>
+            : base(new Amazon<#=this.Config.ClassName#>Config{RegionEndpoint = region}) { }
+<#} else {#>
             : base(FallbackCredentialsFactory.GetCredentials(<#= fallbackToAnonymousCredentials ? "fallbackToAnonymous: true" : ""#>), new Amazon<#=this.Config.ClassName#>Config{RegionEndpoint = region}) { }
+<#}#>
 
         /// <summary>
         /// Constructs Amazon<#=this.Config.ClassName#>Client with the credentials loaded from the application's
@@ -95,7 +103,11 @@ namespace <#=this.Config.Namespace#>
         /// </summary>
         /// <param name="config">The Amazon<#=this.Config.ClassName#>Client Configuration Object</param>
         public Amazon<#=this.Config.ClassName#>Client(Amazon<#=this.Config.ClassName#>Config config)
+<# if (GeneratorDriver.AllowListModeledAuthResolvers.Contains(this.Config.ClassName)) { #>
+            : base(config) { }
+<#} else {#>
             : base(FallbackCredentialsFactory.GetCredentials(config<#= fallbackToAnonymousCredentials ? ", fallbackToAnonymous: true" : ""#>), config){}
+<#}#>
 
 
         /// <summary>

sdk/src/Core/Amazon.Runtime/AmazonServiceClient.cs

@@ -43,7 +43,7 @@ public abstract class AmazonServiceClient : IDisposable
         private Logger _logger;
         protected EndpointDiscoveryResolverBase EndpointDiscoveryResolver { get; private set; }
         protected RuntimePipeline RuntimePipeline { get; set; }
-        protected internal AWSCredentials Credentials { get; private set; }
+        protected internal AWSCredentials DefaultAWSCredentials { get; private set; }
         public IClientConfig Config => _config;
         private readonly ClientConfig _config;
         protected virtual IServiceMetadata ServiceMetadata { get; } = new ServiceMetadata();
@@ -160,7 +160,7 @@ protected AmazonServiceClient(AWSCredentials credentials, ClientConfig config)
                 _logger = Logger.GetLogger(this.GetType());
 
             config.Validate();
-            this.Credentials = credentials;
+            this.DefaultAWSCredentials = credentials;
             _config = config;
             Signer = CreateSigner();
             EndpointDiscoveryResolver = new EndpointDiscoveryResolver(config, _logger);
@@ -390,7 +390,7 @@ private void BuildRuntimePipeline()
                     // ChecksumHandler must come after EndpointsResolver because of an upcoming project.
                     new ChecksumHandler(),
                     // CredentialsRetriever must come after RetryHandler because of any credential related changes.
-                    new CredentialsRetriever(this.Credentials),
+                    new CredentialsRetriever(this.DefaultAWSCredentials),
                     new RetryHandler(retryPolicy),
                     new CompressionHandler(),
                     postMarshallHandler,

sdk/src/Core/Amazon.Runtime/ClientConfig.cs

@@ -16,17 +16,19 @@
 using System.Collections.Generic;
 using System.Net;
 using System.Threading;
+using System.Globalization;
 
 
+using Smithy.Identity.Abstractions;
 using Amazon.Util;
-using System.Globalization;
 using Amazon.Internal;
 using Amazon.Runtime.Endpoints;
 using Amazon.Runtime.Internal;
 using Amazon.Runtime.Internal.Util;
 using Amazon.Runtime.CredentialManagement;
 using Amazon.Runtime.Internal.Settings;
 using Amazon.Runtime.Telemetry;
+using Amazon.Runtime.Credentials.Internal.IdentityResolvers;
 
 #if NETSTANDARD
 using System.Runtime.InteropServices;
@@ -88,6 +90,7 @@ public abstract partial class ClientConfig : IClientConfig
         private const int MaxRetriesDefault = 2;
         private const long DefaultMinCompressionSizeBytes = 10240;
         private bool didProcessServiceURL = false;
+        private IIdentityResolverConfiguration _identityResolverConfiguration = DefaultIdentityResolverConfiguration.Instance;
         private IAWSTokenProvider _awsTokenProvider = new DefaultAWSTokenProviderChain();
         private TelemetryProvider telemetryProvider = AWSConfigs.TelemetryProvider;
         private AccountIdEndpointMode? accountIdEndpointMode = null;
@@ -179,8 +182,15 @@ private static Amazon.Runtime.Internal.Util.WebProxy GetWebProxyWithCredentials(
 
             return null;
         }
+        /// <inheritdoc />
+        public IIdentityResolverConfiguration IdentityResolverConfiguration
+        {
+            get { return this._identityResolverConfiguration; }
+            set { this._identityResolverConfiguration = value; }
+        }
 
         /// <inheritdoc />
+        [Obsolete("This property is deprecated in favor of the new Identity resolvers configured through IdentityResolverConfiguration.")]
         public IAWSTokenProvider AWSTokenProvider
         {
             get { return this._awsTokenProvider; }
@@ -335,7 +345,7 @@ public string ServiceURL
                         }
                         else
                         {
-                            CredentialProfileStoreChain.TryGetProfile(FallbackCredentialsFactory.GetProfileName(), out profile);
+                            CredentialProfileStoreChain.TryGetProfile(DefaultAWSCredentialsIdentityResolver.GetProfileName(), out profile);
                         }
                         if(profile != null)
                         {

sdk/src/Core/Amazon.Runtime/Credentials/Internal/IdentityResolvers/DefaultAWSCredentialsIdentityResolver.cs

@@ -150,7 +150,7 @@ private static AWSCredentials GetAWSCredentials(ICredentialProfileSource source)
             throw new AmazonClientException($"Unable to find the \"{profileName}\" profile in CredentialProfileStoreChain.");
         }
 
-        private static string GetProfileName()
+        internal static string GetProfileName()
         {
             var profileName = AWSConfigs.AWSProfileName;
 

sdk/src/Core/Amazon.Runtime/IClientConfig.cs

@@ -14,11 +14,13 @@
  */
 using System;
 using System.Net;
+using Smithy.Identity.Abstractions;
 using Amazon.Runtime.Internal;
 using Amazon.Runtime.Endpoints;
 using Amazon.Runtime.Internal.Auth;
 using Amazon.Util;
 using Amazon.Runtime.Telemetry;
+using Amazon.Runtime.Credentials.Internal.IdentityResolvers;
 #if NETSTANDARD
 using System.Net.Http;
 #endif
@@ -55,6 +57,14 @@ public partial interface IClientConfig
         /// </summary>
         Profile Profile { get; }
 
+        /// <summary>
+        /// Gets the configuration for identity resolvers used by the service client, which manages
+        /// the resolvers used to obtain various types of identities.
+        /// <para />
+        /// See <see cref="DefaultIdentityResolverConfiguration"/> for additional information.
+        /// </summary>
+        IIdentityResolverConfiguration IdentityResolverConfiguration { get; }
+
         /// <summary>
         /// For Services using Bearer authentication, this controls how <see cref="BearerTokenSigner"/>
         /// resolves a <see cref="AWSToken"/>.

sdk/src/Core/Amazon.Runtime/Internal/ServiceClientHelpers.cs

@@ -34,7 +34,7 @@ public static TClient CreateServiceFromAnother<TClient, TConfig>(AmazonServiceCl
             where TConfig : ClientConfig, new ()
             where TClient : AmazonServiceClient
         {
-            var credentials = originalServiceClient.Credentials;
+            var credentials = originalServiceClient.DefaultAWSCredentials;
             var newConfig = originalServiceClient.CloneConfig<TConfig>();
 
             var newServiceClientTypeInfo = typeof(TClient);
@@ -126,7 +126,7 @@ public static TClient CreateServiceFromAssembly<TClient>(string assemblyName, st
                     config.GetType()
                 });
 
-            var newServiceClient = constructor.Invoke(new object[] { originalServiceClient.Credentials, config }) as TClient;
+            var newServiceClient = constructor.Invoke(new object[] { originalServiceClient.DefaultAWSCredentials, config }) as TClient;
 
             return newServiceClient;
         }

sdk/src/Core/Amazon.Runtime/Internal/Util/SdkCache.cs

@@ -227,7 +227,7 @@ public static CacheKey Create(AmazonServiceClient client, object cacheType)
 
                 var key = new CacheKey();
 
-                var credentials = client.Credentials;
+                var credentials = client.DefaultAWSCredentials;
                 key.ImmutableCredentials = credentials == null ?
                     null : credentials.GetCredentials();
                 key.RegionEndpoint = client.Config.RegionEndpoint;

sdk/src/Services/AutoScaling/Generated/_bcl/AmazonAutoScalingClient.cs

@@ -89,7 +89,7 @@ public IAutoScalingPaginatorFactory Paginators
         ///
         /// </summary>
         public AmazonAutoScalingClient()
-            : base(FallbackCredentialsFactory.GetCredentials(), new AmazonAutoScalingConfig()) { }
+            : base(new AmazonAutoScalingConfig()) { }
 
         /// <summary>
         /// Constructs AmazonAutoScalingClient with the credentials loaded from the application's
@@ -108,7 +108,7 @@ public AmazonAutoScalingClient()
         /// </summary>
         /// <param name="region">The region to connect.</param>
         public AmazonAutoScalingClient(RegionEndpoint region)
-            : base(FallbackCredentialsFactory.GetCredentials(), new AmazonAutoScalingConfig{RegionEndpoint = region}) { }
+            : base(new AmazonAutoScalingConfig{RegionEndpoint = region}) { }
 
         /// <summary>
         /// Constructs AmazonAutoScalingClient with the credentials loaded from the application's
@@ -127,7 +127,7 @@ public AmazonAutoScalingClient(RegionEndpoint region)
         /// </summary>
         /// <param name="config">The AmazonAutoScalingClient Configuration Object</param>
         public AmazonAutoScalingClient(AmazonAutoScalingConfig config)
-            : base(FallbackCredentialsFactory.GetCredentials(config), config){}
+            : base(config) { }
 
         /// <summary>
         /// Constructs AmazonAutoScalingClient with AWS Credentials

sdk/src/Services/AutoScaling/Generated/_netstandard/AmazonAutoScalingClient.cs

@@ -74,7 +74,7 @@ public partial class AmazonAutoScalingClient : AmazonServiceClient, IAmazonAutoS
         ///
         /// </summary>
         public AmazonAutoScalingClient()
-            : base(FallbackCredentialsFactory.GetCredentials(), new AmazonAutoScalingConfig()) { }
+            : base(new AmazonAutoScalingConfig()) { }
 
         /// <summary>
         /// Constructs AmazonAutoScalingClient with the credentials loaded from the application's
@@ -93,7 +93,7 @@ public AmazonAutoScalingClient()
         /// </summary>
         /// <param name="region">The region to connect.</param>
         public AmazonAutoScalingClient(RegionEndpoint region)
-            : base(FallbackCredentialsFactory.GetCredentials(), new AmazonAutoScalingConfig{RegionEndpoint = region}) { }
+            : base(new AmazonAutoScalingConfig{RegionEndpoint = region}) { }
 
         /// <summary>
         /// Constructs AmazonAutoScalingClient with the credentials loaded from the application's
@@ -112,7 +112,7 @@ public AmazonAutoScalingClient(RegionEndpoint region)
         /// </summary>
         /// <param name="config">The AmazonAutoScalingClient Configuration Object</param>
         public AmazonAutoScalingClient(AmazonAutoScalingConfig config)
-            : base(FallbackCredentialsFactory.GetCredentials(config), config){}
+            : base(config) { }
 
 
         /// <summary>

sdk/src/Services/S3/Custom/AmazonS3Client.Extensions.cs

@@ -87,7 +87,7 @@ protected override void Initialize()
         /// <exception cref="T:System.ArgumentNullException" />
         internal string GetPreSignedURLInternal(GetPreSignedUrlRequest request, bool useSigV2Fallback = true)
         {
-            if (Credentials == null)
+            if (DefaultAWSCredentials == null)
                 throw new AmazonS3Exception("Credentials must be specified, cannot call method anonymously");
 
             if (request == null)
@@ -97,7 +97,7 @@ internal string GetPreSignedURLInternal(GetPreSignedUrlRequest request, bool use
                 throw new InvalidOperationException("The Expires specified is null!");
             Arn arn = null;
             var signatureVersionToUse = DetermineSignatureVersionToUse(request, ref arn, useSigV2Fallback);
-            var immutableCredentials = Credentials.GetCredentials();
+            var immutableCredentials = DefaultAWSCredentials.GetCredentials();
             var irequest = Marshall(this.Config, request, immutableCredentials.AccessKey, immutableCredentials.Token, signatureVersionToUse);
 
             var context = new Amazon.Runtime.Internal.ExecutionContext(new Amazon.Runtime.Internal.RequestContext(true, new NullSigner()) { Request = irequest, ClientConfig = this.Config }, null);
@@ -150,7 +150,7 @@ internal string GetPreSignedURLInternal(GetPreSignedUrlRequest request, bool use
         [SuppressMessage("AWSSDKRules", "CR1004")]
         internal async Task<string> GetPreSignedURLInternalAsync(GetPreSignedUrlRequest request, bool useSigV2Fallback = true)
         {
-            if (Credentials == null)
+            if (DefaultAWSCredentials == null)
                 throw new AmazonS3Exception("Credentials must be specified, cannot call method anonymously");
 
             if (request == null)
@@ -160,7 +160,7 @@ internal async Task<string> GetPreSignedURLInternalAsync(GetPreSignedUrlRequest
                 throw new InvalidOperationException("The Expires specified is null!");
             Arn arn = null;
             var signatureVersionToUse = DetermineSignatureVersionToUse(request, ref arn, useSigV2Fallback);
-            var immutableCredentials = await Credentials.GetCredentialsAsync().ConfigureAwait(false);
+            var immutableCredentials = await DefaultAWSCredentials.GetCredentialsAsync().ConfigureAwait(false);
             var irequest = Marshall(this.Config, request, immutableCredentials.AccessKey, immutableCredentials.Token, signatureVersionToUse);