Skip to content

Add business metric support for Sigv4A auth scheme #6489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 16 commits into from
Oct 27, 2025
Merged

Add business metric support for Sigv4A auth scheme #6489

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
e0c2f8b
Add business metric support for Sigv4A auth scheme
S-Saranya1 Oct 20, 2025
d577caa
Merge branch 'master' into somepal/sigv4a-auth-scheme-featureID
S-Saranya1 Oct 20, 2025
558ac66
Fixing failing tests
S-Saranya1 Oct 20, 2025
823f0bd
Address PR feedback
S-Saranya1 Oct 21, 2025
cd2136b
Additional changes
S-Saranya1 Oct 22, 2025
3d7dab8
Fixing test failures
S-Saranya1 Oct 22, 2025
bd7a7a6
Fixing test failures
S-Saranya1 Oct 22, 2025
f9ded2e
Fix test failure
S-Saranya1 Oct 22, 2025
db8c797
Additional changes in test:
S-Saranya1 Oct 22, 2025
57016a0
Address review comments
S-Saranya1 Oct 22, 2025
7577da9
Removing unused import
S-Saranya1 Oct 22, 2025
025cb48
Merge branch 'master' into somepal/sigv4a-auth-scheme-featureID
S-Saranya1 Oct 24, 2025
ed69ac0
Move sigv4a business metric logic to auth interceptor to record at au…
S-Saranya1 Oct 24, 2025
b69ebe7
Remove changes from ApplyUserAgentStage
S-Saranya1 Oct 24, 2025
059c869
Adding missed file
S-Saranya1 Oct 24, 2025
ca6352b
Address review comments
S-Saranya1 Oct 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .changes/next-release/feature-AWSSDKforJavav2-7c6c7a4.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
{
"type": "feature",
"category": "AWS SDK for Java v2",
"contributor": "",
"description": "Add business metric support for Sigv4A auth scheme to track when an operation is called using Sigv4A signing"
}
17 changes: 17 additions & 0 deletions .../main/java/software/amazon/awssdk/codegen/poet/auth/scheme/AuthSchemeInterceptorSpec.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@
import software.amazon.awssdk.core.metrics.CoreMetric;
import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
import software.amazon.awssdk.endpoints.EndpointProvider;
import software.amazon.awssdk.http.auth.aws.scheme.AwsV4aAuthScheme;
import software.amazon.awssdk.http.auth.aws.signer.RegionSet;
import software.amazon.awssdk.http.auth.scheme.BearerAuthScheme;
import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
Expand Down Expand Up @@ -158,6 +159,22 @@ private MethodSpec generateBeforeExecution() {
builder.addStatement("recordEnvironmentTokenBusinessMetric(selectedAuthScheme, "
+ "executionAttributes)");
}

if (authSchemeSpecUtils.hasSigV4aSupport()) {
builder.beginControlFlow("if (selectedAuthScheme != null && "
+ "selectedAuthScheme.authSchemeOption().schemeId().equals($T.SCHEME_ID) && "
+ "!$T.isSignerOverridden(context.request(), executionAttributes))",
AwsV4aAuthScheme.class,
ClassName.get("software.amazon.awssdk.awscore.util", "SignerOverrideUtils"))
.addStatement("$T businessMetrics = executionAttributes.getAttribute($T.BUSINESS_METRICS)",
ClassName.get("software.amazon.awssdk.core.useragent", "BusinessMetricCollection"),
SdkInternalExecutionAttribute.class)
.beginControlFlow("if (businessMetrics != null)")
.addStatement("businessMetrics.addMetric($T.SIGV4A_SIGNING.value())",
BusinessMetricFeatureId.class)
.endControlFlow()
.endControlFlow();
}
return builder.build();
}

Expand Down
12 changes: 12 additions & 0 deletions ...amazon/awssdk/codegen/poet/auth/scheme/ops-auth-sigv4a-value-auth-scheme-interceptor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.awscore.AwsExecutionAttribute;
import software.amazon.awssdk.awscore.util.SignerOverrideUtils;
import software.amazon.awssdk.core.SdkRequest;
import software.amazon.awssdk.core.SelectedAuthScheme;
import software.amazon.awssdk.core.exception.SdkException;
Expand All @@ -20,6 +21,9 @@
import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
import software.amazon.awssdk.core.internal.util.MetricUtils;
import software.amazon.awssdk.core.metrics.CoreMetric;
import software.amazon.awssdk.core.useragent.BusinessMetricCollection;
import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
import software.amazon.awssdk.http.auth.aws.scheme.AwsV4aAuthScheme;
import software.amazon.awssdk.http.auth.aws.signer.RegionSet;
import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
Expand Down Expand Up @@ -49,6 +53,14 @@ public void beforeExecution(Context.BeforeExecution context, ExecutionAttributes
List<AuthSchemeOption> authOptions = resolveAuthOptions(context, executionAttributes);
SelectedAuthScheme<? extends Identity> selectedAuthScheme = selectAuthScheme(authOptions, executionAttributes);
putSelectedAuthScheme(executionAttributes, selectedAuthScheme);
if (selectedAuthScheme != null && selectedAuthScheme.authSchemeOption().schemeId().equals(AwsV4aAuthScheme.SCHEME_ID)
&& !SignerOverrideUtils.isSignerOverridden(context.request(), executionAttributes)) {
BusinessMetricCollection businessMetrics = executionAttributes
.getAttribute(SdkInternalExecutionAttribute.BUSINESS_METRICS);
if (businessMetrics != null) {
businessMetrics.addMetric(BusinessMetricFeatureId.SIGV4A_SIGNING.value());
}
}
}

private List<AuthSchemeOption> resolveAuthOptions(Context.BeforeExecution context, ExecutionAttributes executionAttributes) {
Expand Down
13 changes: 12 additions & 1 deletion ...n/poet/auth/scheme/query-endpoint-auth-params-with-allowlist-auth-scheme-interceptor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.awscore.AwsExecutionAttribute;
import software.amazon.awssdk.awscore.util.SignerOverrideUtils;
import software.amazon.awssdk.core.SdkRequest;
import software.amazon.awssdk.core.SelectedAuthScheme;
import software.amazon.awssdk.core.exception.SdkException;
Expand All @@ -20,7 +21,10 @@
import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
import software.amazon.awssdk.core.internal.util.MetricUtils;
import software.amazon.awssdk.core.metrics.CoreMetric;
import software.amazon.awssdk.core.useragent.BusinessMetricCollection;
import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
import software.amazon.awssdk.endpoints.EndpointProvider;
import software.amazon.awssdk.http.auth.aws.scheme.AwsV4aAuthScheme;
import software.amazon.awssdk.http.auth.aws.signer.RegionSet;
import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
Expand Down Expand Up @@ -52,6 +56,14 @@ public void beforeExecution(Context.BeforeExecution context, ExecutionAttributes
List<AuthSchemeOption> authOptions = resolveAuthOptions(context, executionAttributes);
SelectedAuthScheme<? extends Identity> selectedAuthScheme = selectAuthScheme(authOptions, executionAttributes);
putSelectedAuthScheme(executionAttributes, selectedAuthScheme);
if (selectedAuthScheme != null && selectedAuthScheme.authSchemeOption().schemeId().equals(AwsV4aAuthScheme.SCHEME_ID)
&& !SignerOverrideUtils.isSignerOverridden(context.request(), executionAttributes)) {
BusinessMetricCollection businessMetrics = executionAttributes
.getAttribute(SdkInternalExecutionAttribute.BUSINESS_METRICS);
if (businessMetrics != null) {
businessMetrics.addMetric(BusinessMetricFeatureId.SIGV4A_SIGNING.value());
}
}
}

private List<AuthSchemeOption> resolveAuthOptions(Context.BeforeExecution context, ExecutionAttributes executionAttributes) {
Expand Down Expand Up @@ -102,7 +114,6 @@ private QueryAuthSchemeParams authSchemeParams(SdkRequest request, ExecutionAttr
executionAttributes.getOptionalAttribute(AwsExecutionAttribute.AWS_SIGV4A_SIGNING_REGION_SET)
.filter(regionSet -> !CollectionUtils.isNullOrEmpty(regionSet))
.ifPresent(nonEmptyRegionSet -> builder.regionSet(RegionSet.create(nonEmptyRegionSet)));

if (builder instanceof QueryEndpointResolverAware.Builder) {
EndpointProvider endpointProvider = executionAttributes.getAttribute(SdkInternalExecutionAttribute.ENDPOINT_PROVIDER);
if (endpointProvider instanceof QueryEndpointProvider) {
Expand Down
12 changes: 12 additions & 0 deletions ...oet/auth/scheme/query-endpoint-auth-params-without-allowlist-auth-scheme-interceptor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
import software.amazon.awssdk.annotations.Generated;
import software.amazon.awssdk.annotations.SdkInternalApi;
import software.amazon.awssdk.awscore.AwsExecutionAttribute;
import software.amazon.awssdk.awscore.util.SignerOverrideUtils;
import software.amazon.awssdk.core.SdkRequest;
import software.amazon.awssdk.core.SelectedAuthScheme;
import software.amazon.awssdk.core.exception.SdkException;
Expand All @@ -20,7 +21,10 @@
import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
import software.amazon.awssdk.core.internal.util.MetricUtils;
import software.amazon.awssdk.core.metrics.CoreMetric;
import software.amazon.awssdk.core.useragent.BusinessMetricCollection;
import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
import software.amazon.awssdk.endpoints.EndpointProvider;
import software.amazon.awssdk.http.auth.aws.scheme.AwsV4aAuthScheme;
import software.amazon.awssdk.http.auth.aws.signer.RegionSet;
import software.amazon.awssdk.http.auth.spi.scheme.AuthScheme;
import software.amazon.awssdk.http.auth.spi.scheme.AuthSchemeOption;
Expand Down Expand Up @@ -52,6 +56,14 @@ public void beforeExecution(Context.BeforeExecution context, ExecutionAttributes
List<AuthSchemeOption> authOptions = resolveAuthOptions(context, executionAttributes);
SelectedAuthScheme<? extends Identity> selectedAuthScheme = selectAuthScheme(authOptions, executionAttributes);
putSelectedAuthScheme(executionAttributes, selectedAuthScheme);
if (selectedAuthScheme != null && selectedAuthScheme.authSchemeOption().schemeId().equals(AwsV4aAuthScheme.SCHEME_ID)
&& !SignerOverrideUtils.isSignerOverridden(context.request(), executionAttributes)) {
BusinessMetricCollection businessMetrics = executionAttributes
.getAttribute(SdkInternalExecutionAttribute.BUSINESS_METRICS);
if (businessMetrics != null) {
businessMetrics.addMetric(BusinessMetricFeatureId.SIGV4A_SIGNING.value());
}
}
}

private List<AuthSchemeOption> resolveAuthOptions(Context.BeforeExecution context, ExecutionAttributes executionAttributes) {
Expand Down
8 changes: 4 additions & 4 deletions ...n/java/software/amazon/awssdk/core/internal/http/pipeline/stages/ApplyUserAgentStage.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@

/**
* A stage for adding the user agent header to the request, after retrieving the current string
* from execution attributes and adding any additional information.
* from execution attributes and adding any additional information.
*/
@SdkInternalApi
public class ApplyUserAgentStage implements MutableRequestToRequestPipeline {
Expand Down Expand Up @@ -152,11 +152,11 @@ private static Optional<String> getBusinessMetricsString(ExecutionAttributes exe
businessMetrics.merge(metricsFromApiNames);

credentialProviderBusinessMetrics(executionAttributes).ifPresent(businessMetrics::merge);

if (businessMetrics.recordedMetrics().isEmpty()) {
return Optional.empty();
}

return Optional.of(businessMetrics.asBoundedString());
}

Expand Down Expand Up @@ -195,4 +195,4 @@ private Optional<String> requestApiNames(List<ApiName> requestApiNames) {
.append(apiName.version()));
return Optional.of(concatenatedNames.toString());
}
}
}
3 changes: 2 additions & 1 deletion ...sdk-core/src/main/java/software/amazon/awssdk/core/useragent/BusinessMetricFeatureId.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
/**
* An enum class representing a short form of identity providers to record in the UA string.
*
* Unimplemented metrics: I,J,K,O,S,U-c
* Unimplemented metrics: I,J,K,O,U-c
* Unsupported metrics (these will never be added): A,H
*/
@SdkProtectedApi
Expand All @@ -40,6 +40,7 @@ public enum BusinessMetricFeatureId {
ACCOUNT_ID_MODE_PREFERRED("P"),
ACCOUNT_ID_MODE_DISABLED("Q"),
ACCOUNT_ID_MODE_REQUIRED("R"),
SIGV4A_SIGNING("S"),
RESOLVED_ACCOUNT_ID("T"),
DDB_MAPPER("d"),
BEARER_SERVICE_ENV_VARS("3"),
Expand Down
181 changes: 181 additions & 0 deletions ...test/src/test/java/software/amazon/awssdk/services/Sigv4aBusinessMetricUserAgentTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,181 @@
/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/

package software.amazon.awssdk.services;

import static org.assertj.core.api.Assertions.assertThat;
import static software.amazon.awssdk.core.useragent.BusinessMetricCollection.METRIC_SEARCH_PATTERN;

import java.util.List;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.auth.signer.Aws4Signer;
import software.amazon.awssdk.core.client.config.ClientOverrideConfiguration;
import software.amazon.awssdk.core.client.config.SdkAdvancedClientOption;
import software.amazon.awssdk.http.AbortableInputStream;
import software.amazon.awssdk.http.HttpExecuteResponse;
import software.amazon.awssdk.http.SdkHttpRequest;
import software.amazon.awssdk.http.SdkHttpResponse;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.multiauth.MultiauthClient;
import software.amazon.awssdk.services.multiauth.auth.scheme.MultiauthAuthSchemeProvider;
import software.amazon.awssdk.services.protocolrestjson.ProtocolRestJsonAsyncClient;
import software.amazon.awssdk.services.protocolrestjson.ProtocolRestJsonClient;
import software.amazon.awssdk.services.sigv4aauth.Sigv4AauthAsyncClient;
import software.amazon.awssdk.services.sigv4aauth.Sigv4AauthClient;
import software.amazon.awssdk.testutils.service.http.MockAsyncHttpClient;
import software.amazon.awssdk.testutils.service.http.MockSyncHttpClient;
import software.amazon.awssdk.utils.StringInputStream;
import java.util.Arrays;

/**
* Test class to verify that SIGV4A_SIGNING business metric is correctly included
* in the User-Agent header when operation called using Sigv4A signing.
*/
class Sigv4aBusinessMetricUserAgentTest {
private static final String USER_AGENT_HEADER_NAME = "User-Agent";
private static final StaticCredentialsProvider CREDENTIALS_PROVIDER =
StaticCredentialsProvider.create(AwsBasicCredentials.create("akid", "skid"));

private MockSyncHttpClient mockHttpClient;
private MockAsyncHttpClient mockAsyncHttpClient;

@BeforeEach
public void setup() {
mockHttpClient = new MockSyncHttpClient();
mockHttpClient.stubNextResponse(mockResponse());

mockAsyncHttpClient = new MockAsyncHttpClient();
mockAsyncHttpClient.stubNextResponse(mockResponse());
}

@Test
void when_sigv4aServiceIsUsed_correctMetricIsAdded() {
Sigv4AauthClient client = Sigv4AauthClient.builder()
.region(Region.US_WEST_2)
.credentialsProvider(CREDENTIALS_PROVIDER)
.httpClient(mockHttpClient)
.build();

client.simpleOperationWithNoEndpointParams(r -> r.stringMember("test"));

String userAgent = getUserAgentFromLastRequest();
assertThat(userAgent).matches(METRIC_SEARCH_PATTERN.apply("S"));
}

@Test
void when_sigv4aServiceIsUsedAsync_correctMetricIsAdded() {
Sigv4AauthAsyncClient asyncClient = Sigv4AauthAsyncClient.builder()
.region(Region.US_WEST_2)
.credentialsProvider(CREDENTIALS_PROVIDER)
.httpClient(mockAsyncHttpClient)
.build();

asyncClient.simpleOperationWithNoEndpointParams(r -> r.stringMember("test")).join();

String userAgent = getUserAgentFromLastAsyncRequest();
assertThat(userAgent).matches(METRIC_SEARCH_PATTERN.apply("S"));
}

@Test
void when_regularServiceIsUsed_sigv4aMetricIsNotAdded() {
ProtocolRestJsonClient client = ProtocolRestJsonClient.builder()
.region(Region.US_WEST_2)
.credentialsProvider(CREDENTIALS_PROVIDER)
.httpClient(mockHttpClient)
.build();

client.allTypes(r -> {});

String userAgent = getUserAgentFromLastRequest();
assertThat(userAgent).doesNotMatch(METRIC_SEARCH_PATTERN.apply("S"));
}

@Test
void when_regularServiceIsUsedAsync_sigv4aMetricIsNotAdded() {
ProtocolRestJsonAsyncClient asyncClient = ProtocolRestJsonAsyncClient.builder()
.region(Region.US_WEST_2)
.credentialsProvider(CREDENTIALS_PROVIDER)
.httpClient(mockAsyncHttpClient)
.build();

asyncClient.allTypes(r -> {}).join();

String userAgent = getUserAgentFromLastAsyncRequest();
assertThat(userAgent).doesNotMatch(METRIC_SEARCH_PATTERN.apply("S"));
}

@Test
void when_signerIsOverridden_sigv4aMetricIsNotAdded() {
MultiauthClient client = MultiauthClient.builder()
.region(Region.US_WEST_2)
.credentialsProvider(CREDENTIALS_PROVIDER)
.overrideConfiguration(ClientOverrideConfiguration.builder()
.putAdvancedOption(SdkAdvancedClientOption.SIGNER,
Aws4Signer.create())
.build())
.httpClient(mockHttpClient)
.build();

client.multiAuthWithOnlySigv4aAndSigv4(r -> r.stringMember("test"));
String userAgent = getUserAgentFromLastRequest();

assertThat(userAgent).doesNotMatch(METRIC_SEARCH_PATTERN.apply("S"));
}

@Test
void when_authSchemeProviderOverridesSigv4aOrder_sigv4IsSelected() {
MultiauthClient client = MultiauthClient.builder()
.region(Region.US_WEST_2)
.credentialsProvider(CREDENTIALS_PROVIDER)
.authSchemeProvider(MultiauthAuthSchemeProvider.
defaultProvider(
Arrays.asList("sigv4","sigv4a")))
.httpClient(mockHttpClient)
.build();

client.multiAuthWithOnlySigv4aAndSigv4(r -> r.stringMember("test"));
String userAgent = getUserAgentFromLastRequest();

assertThat(userAgent).doesNotMatch(METRIC_SEARCH_PATTERN.apply("S"));
}

private String getUserAgentFromLastRequest() {
SdkHttpRequest lastRequest = mockHttpClient.getLastRequest();
assertThat(lastRequest).isNotNull();

List<String> userAgentHeaders = lastRequest.headers().get(USER_AGENT_HEADER_NAME);
assertThat(userAgentHeaders).isNotNull().hasSize(1);
return userAgentHeaders.get(0);
}

private String getUserAgentFromLastAsyncRequest() {
SdkHttpRequest lastRequest = mockAsyncHttpClient.getLastRequest();
assertThat(lastRequest).isNotNull();

List<String> userAgentHeaders = lastRequest.headers().get(USER_AGENT_HEADER_NAME);
assertThat(userAgentHeaders).isNotNull().hasSize(1);
return userAgentHeaders.get(0);
}

private static HttpExecuteResponse mockResponse() {
return HttpExecuteResponse.builder()
.response(SdkHttpResponse.builder().statusCode(200).build())
.responseBody(AbortableInputStream.create(new StringInputStream("{}")))
.build();
}
}
Loading
Loading