aws
diff --git a/‎services/s3/src/it/java/software/amazon/awssdk/services/s3/crt/S3CrtRequestLevelCredentialsIntegrationTest.java‎
Lines changed: 0 additions & 138 deletions b/‎services/s3/src/it/java/software/amazon/awssdk/services/s3/crt/S3CrtRequestLevelCredentialsIntegrationTest.java‎
Lines changed: 0 additions & 138 deletions
diff --git a/‎services/s3/src/test/java/software/amazon/awssdk/services/s3/crt/S3CrtRequestLevelCredentialsWireMockTest.java‎
Lines changed: 144 additions & 0 deletions b/‎services/s3/src/test/java/software/amazon/awssdk/services/s3/crt/S3CrtRequestLevelCredentialsWireMockTest.java‎
Lines changed: 144 additions & 0 deletions
diff --git a/‎services/s3/src/test/java/software/amazon/awssdk/services/s3/internal/crt/DefaultS3CrtAsyncClientTest.java‎
Lines changed: 0 additions & 74 deletions b/‎services/s3/src/test/java/software/amazon/awssdk/services/s3/internal/crt/DefaultS3CrtAsyncClientTest.java‎
Lines changed: 0 additions & 74 deletions
@@ -0,0 +1,144 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ *  http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package software.amazon.awssdk.services.s3.crt;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.anyUrl;
+import static com.github.tomakehurst.wiremock.client.WireMock.containing;
+import static com.github.tomakehurst.wiremock.client.WireMock.get;
+import static com.github.tomakehurst.wiremock.client.WireMock.getRequestedFor;
+import static com.github.tomakehurst.wiremock.client.WireMock.head;
+import static com.github.tomakehurst.wiremock.client.WireMock.headRequestedFor;
+import static com.github.tomakehurst.wiremock.client.WireMock.put;
+import static com.github.tomakehurst.wiremock.client.WireMock.putRequestedFor;
+import static com.github.tomakehurst.wiremock.client.WireMock.stubFor;
+import static com.github.tomakehurst.wiremock.client.WireMock.urlPathEqualTo;
+import static com.github.tomakehurst.wiremock.client.WireMock.verify;
+
+import com.github.tomakehurst.wiremock.client.WireMock;
+import com.github.tomakehurst.wiremock.junit5.WireMockRuntimeInfo;
+import com.github.tomakehurst.wiremock.junit5.WireMockTest;
+import java.net.URI;
+import java.nio.charset.StandardCharsets;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.Timeout;
+import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
+import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
+import software.amazon.awssdk.core.async.AsyncRequestBody;
+import software.amazon.awssdk.core.async.AsyncResponseTransformer;
+import software.amazon.awssdk.crt.Log;
+import software.amazon.awssdk.regions.Region;
+import software.amazon.awssdk.services.s3.S3AsyncClient;
+
+/**
+ * WireMock tests verifying that request-level credential overrides are used for signing
+ * with the S3 CRT client. Verifies the Authorization header contains the expected access key.
+ */
+@WireMockTest
+@Timeout(10)
+public class S3CrtRequestLevelCredentialsWireMockTest {
+
+    private static final String BUCKET = "my-bucket";
+    private static final String KEY = "my-key";
+    private static final String PATH = String.format("/%s/%s", BUCKET, KEY);
+    private static final byte[] CONTENT = "hello".getBytes(StandardCharsets.UTF_8);
+
+    private static final StaticCredentialsProvider CLIENT_CREDENTIALS =
+        StaticCredentialsProvider.create(AwsBasicCredentials.create("clientAccessKey", "clientSecretKey"));
+
+    private static final StaticCredentialsProvider REQUEST_CREDENTIALS =
+        StaticCredentialsProvider.create(AwsBasicCredentials.create("requestAccessKey", "requestSecretKey"));
+
+    private S3AsyncClient s3;
+
+    @BeforeAll
+    public static void setUpBeforeAll() {
+        System.setProperty("aws.crt.debugnative", "true");
+        Log.initLoggingToStdout(Log.LogLevel.Warn);
+    }
+
+    @BeforeEach
+    public void setup(WireMockRuntimeInfo wiremock) {
+        stubFor(head(urlPathEqualTo(PATH))
+                    .willReturn(WireMock.aResponse().withStatus(200)
+                                        .withHeader("ETag", "etag")
+                                        .withHeader("Content-Length",
+                                                    Integer.toString(CONTENT.length))));
+        stubFor(get(urlPathEqualTo(PATH))
+                    .willReturn(WireMock.aResponse().withStatus(200)
+                                        .withHeader("Content-Type", "text/plain")
+                                        .withBody(CONTENT)));
+        stubFor(put(urlPathEqualTo(PATH))
+                    .willReturn(WireMock.aResponse().withStatus(200)
+                                        .withHeader("ETag", "etag")));
+
+        s3 = S3AsyncClient.crtBuilder()
+                          .endpointOverride(URI.create("http://localhost:" + wiremock.getHttpPort()))
+                          .credentialsProvider(CLIENT_CREDENTIALS)
+                          .forcePathStyle(true)
+                          .region(Region.US_EAST_1)
+                          .build();
+    }
+
+    @AfterEach
+    public void tearDown() {
+        s3.close();
+    }
+
+    @Test
+    void getObject_withRequestLevelCredentials_shouldSignWithOverrideCredentials() {
+        s3.getObject(
+            b -> b.bucket(BUCKET).key(KEY)
+                  .overrideConfiguration(o -> o.credentialsProvider(REQUEST_CREDENTIALS)),
+            AsyncResponseTransformer.toBytes()).join();
+
+        verify(getRequestedFor(urlPathEqualTo(PATH))
+                   .withHeader("Authorization", containing("Credential=requestAccessKey/")));
+    }
+
+    @Test
+    void getObject_withoutRequestLevelCredentials_shouldSignWithClientCredentials() {
+        s3.getObject(
+            b -> b.bucket(BUCKET).key(KEY),
+            AsyncResponseTransformer.toBytes()).join();
+
+        verify(getRequestedFor(urlPathEqualTo(PATH))
+                   .withHeader("Authorization", containing("Credential=clientAccessKey/")));
+    }
+
+    @Test
+    void putObject_withRequestLevelCredentials_shouldSignWithOverrideCredentials() {
+        s3.putObject(
+            b -> b.bucket(BUCKET).key(KEY)
+                  .overrideConfiguration(o -> o.credentialsProvider(REQUEST_CREDENTIALS)),
+            AsyncRequestBody.fromString("hello")).join();
+
+        verify(putRequestedFor(urlPathEqualTo(PATH))
+                   .withHeader("Authorization", containing("Credential=requestAccessKey/")));
+    }
+
+    @Test
+    void putObject_withoutRequestLevelCredentials_shouldSignWithClientCredentials() {
+        s3.putObject(
+            b -> b.bucket(BUCKET).key(KEY),
+            AsyncRequestBody.fromString("hello")).join();
+
+        verify(putRequestedFor(urlPathEqualTo(PATH))
+                   .withHeader("Authorization", containing("Credential=clientAccessKey/")));
+    }
+}
@@ -22,9 +22,7 @@
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.ValueSource;
-import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
 import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
-import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
 import software.amazon.awssdk.auth.signer.AwsS3V4Signer;
 import software.amazon.awssdk.core.async.AsyncRequestBody;
 import software.amazon.awssdk.core.async.AsyncResponseTransformer;
@@ -33,7 +31,6 @@
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
 import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
 import software.amazon.awssdk.core.interceptor.SdkInternalExecutionAttribute;
-import software.amazon.awssdk.http.SdkHttpExecutionAttributes;
 import software.amazon.awssdk.identity.spi.AwsCredentialsIdentity;
 import software.amazon.awssdk.identity.spi.IdentityProvider;
 import software.amazon.awssdk.services.s3.DelegatingS3AsyncClient;
@@ -165,75 +162,4 @@ void build_withAdvancedOptions() {
         }
     }
 
-    @Test
-    void afterMarshalling_withRequestLevelCredentials_shouldAttachCrtCredentialsAdapterToHttpAttributes() {
-        AtomicReference<SdkHttpExecutionAttributes> capturedAttributes = new AtomicReference<>();
-
-        ExecutionInterceptor attributeCaptor = new ExecutionInterceptor() {
-            @Override
-            public void afterMarshalling(Context.AfterMarshalling context, ExecutionAttributes executionAttributes) {
-                capturedAttributes.set(
-                    executionAttributes.getAttribute(SdkInternalExecutionAttribute.SDK_HTTP_EXECUTION_ATTRIBUTES));
-                throw new RuntimeException("STOP");
-            }
-        };
-
-        DefaultS3CrtAsyncClient.DefaultS3CrtClientBuilder builder =
-            (DefaultS3CrtAsyncClient.DefaultS3CrtClientBuilder) S3CrtAsyncClient.builder();
-        builder.addExecutionInterceptor(attributeCaptor);
-
-        try (S3AsyncClient s3AsyncClient = builder.build()) {
-            IdentityProvider<? extends AwsCredentialsIdentity> requestCredentials =
-                StaticCredentialsProvider.create(AwsBasicCredentials.create("requestAkid", "requestSkid"));
-
-            assertThatThrownBy(() -> s3AsyncClient.getObject(
-                b -> b.bucket("bucket").key("key")
-                      .overrideConfiguration(o -> o.credentialsProvider(requestCredentials)),
-                AsyncResponseTransformer.toBytes()).join()).hasMessageContaining("STOP");
-
-            SdkHttpExecutionAttributes httpAttributes = capturedAttributes.get();
-            assertThat(httpAttributes).isNotNull();
-            CrtCredentialsProviderAdapter adapter =
-                httpAttributes.getAttribute(S3InternalSdkHttpExecutionAttribute.CRT_CREDENTIALS_PROVIDER_ADAPTER);
-            assertThat(adapter).isNotNull();
-
-            software.amazon.awssdk.crt.auth.credentials.Credentials crtCreds =
-                adapter.crtCredentials().getCredentials().join();
-            assertThat(crtCreds.getAccessKeyId())
-                .isEqualTo("requestAkid".getBytes(java.nio.charset.StandardCharsets.UTF_8));
-            assertThat(crtCreds.getSecretAccessKey())
-                .isEqualTo("requestSkid".getBytes(java.nio.charset.StandardCharsets.UTF_8));
-        }
-    }
-
-    @Test
-    void afterMarshalling_withoutRequestLevelCredentials_shouldNotAttachCrtCredentialsAdapter() {
-        AtomicReference<SdkHttpExecutionAttributes> capturedAttributes = new AtomicReference<>();
-
-        ExecutionInterceptor attributeCaptor = new ExecutionInterceptor() {
-            @Override
-            public void afterMarshalling(Context.AfterMarshalling context, ExecutionAttributes executionAttributes) {
-                capturedAttributes.set(
-                    executionAttributes.getAttribute(SdkInternalExecutionAttribute.SDK_HTTP_EXECUTION_ATTRIBUTES));
-                throw new RuntimeException("STOP");
-            }
-        };
-
-        DefaultS3CrtAsyncClient.DefaultS3CrtClientBuilder builder =
-            (DefaultS3CrtAsyncClient.DefaultS3CrtClientBuilder) S3CrtAsyncClient.builder();
-        builder.addExecutionInterceptor(attributeCaptor);
-
-        try (S3AsyncClient s3AsyncClient = builder.build()) {
-            assertThatThrownBy(() -> s3AsyncClient.getObject(
-                b -> b.bucket("bucket").key("key"),
-                AsyncResponseTransformer.toBytes()).join()).hasMessageContaining("STOP");
-
-            SdkHttpExecutionAttributes httpAttributes = capturedAttributes.get();
-            assertThat(httpAttributes).isNotNull();
-            CrtCredentialsProviderAdapter adapter =
-                httpAttributes.getAttribute(S3InternalSdkHttpExecutionAttribute.CRT_CREDENTIALS_PROVIDER_ADAPTER);
-            assertThat(adapter).isNull();
-        }
-    }
-
 }