Extract AWS built-ins and auth validation

This commit updates the endpoint rule set SPI to provide several
components to the implementation, built-in parameters and auth
scheme validators in addition to library functions. AWS specific
components have been extracted to their own package, and core
components are provided through their own extension.

Author: kstich

smithy-aws-rules-engine/src/main/java/software/amazon/smithy/rulesengine/aws/language/functions/AwsBuiltIns.java

@@ -0,0 +1,149 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package software.amazon.smithy.rulesengine.aws.language.functions;
+
+import software.amazon.smithy.rulesengine.language.evaluation.value.Value;
+import software.amazon.smithy.rulesengine.language.syntax.parameters.Parameter;
+import software.amazon.smithy.rulesengine.language.syntax.parameters.ParameterType;
+
+/**
+ * AWS-specific built-in parameters for EndpointRules.
+ */
+public final class AwsBuiltIns {
+    /**
+     * Built-in parameter representing the DualStack parameter for SDKs.
+     */
+    public static final Parameter DUALSTACK =
+            Parameter.builder()
+                    .name("UseDualStack")
+                    .type(ParameterType.BOOLEAN)
+                    .builtIn("AWS::UseDualStack")
+                    .documentation("When true, use the dual-stack endpoint. If the configured endpoint does not "
+                            + "support dual-stack, dispatching the request MAY return an error.")
+                    .required(true)
+                    .defaultValue(Value.booleanValue(false))
+                    .build();
+
+    /**
+     * Built-in parameter representing whether the endpoint must be FIPS-compliant.
+     */
+    public static final Parameter FIPS =
+            Parameter.builder()
+                    .name("UseFIPS")
+                    .type(ParameterType.BOOLEAN)
+                    .builtIn("AWS::UseFIPS")
+                    .documentation("When true, send this request to the FIPS-compliant regional endpoint. If the "
+                            + "configured endpoint does not have a FIPS compliant endpoint, dispatching "
+                            + "the request will return an error.")
+                    .required(true)
+                    .defaultValue(Value.booleanValue(false))
+                    .build();
+
+    /**
+     * Built-in parameter representing Region eg. `us-east-1`.
+     */
+    public static final Parameter REGION =
+            Parameter.builder()
+                    .name("Region")
+                    .type(ParameterType.STRING)
+                    .builtIn("AWS::Region")
+                    .documentation("The AWS region used to dispatch the request.")
+                    .build();
+
+    /**
+     * This MUST only be used by the S3 rules.
+     */
+    public static final Parameter S3_ACCELERATE =
+            Parameter.builder()
+                    .type(ParameterType.BOOLEAN)
+                    .name("Accelerate")
+                    .builtIn("AWS::S3::Accelerate")
+                    .required(true)
+                    .defaultValue(Value.booleanValue(false))
+                    .documentation("When true, use S3 Accelerate. NOTE: Not all regions support S3 accelerate.")
+                    .build();
+
+    /**
+     * This MUST only be used by the S3 rules.
+     */
+    public static final Parameter S3_DISABLE_MRAP =
+            Parameter.builder()
+                    .type(ParameterType.BOOLEAN)
+                    .name("DisableMultiRegionAccessPoints")
+                    .builtIn("AWS::S3::DisableMultiRegionAccessPoints")
+                    .required(true)
+                    .defaultValue(Value.booleanValue(false))
+                    .documentation("Whether multi-region access points (MRAP) should be disabled.")
+                    .build();
+
+    /**
+     * This MUST only be used by the S3 rules.
+     */
+    public static final Parameter S3_FORCE_PATH_STYLE =
+            Parameter.builder()
+                    .type(ParameterType.BOOLEAN)
+                    .name("ForcePathStyle")
+                    .builtIn("AWS::S3::ForcePathStyle")
+                    .documentation("When true, force a path-style endpoint to be used where the bucket name is part "
+                            + "of the path.")
+                    .build();
+
+    /**
+     * This MUST only be used by the S3 rules.
+     */
+    public static final Parameter S3_USE_ARN_REGION =
+            Parameter.builder()
+                    .type(ParameterType.BOOLEAN)
+                    .name("UseArnRegion")
+                    .builtIn("AWS::S3::UseArnRegion")
+                    .documentation("When an Access Point ARN is provided and this flag is enabled, the SDK MUST use "
+                            + "the ARN's region when constructing the endpoint instead of the client's "
+                            + "configured region.")
+                    .build();
+
+    /**
+     * This MUST only be used by the S3 rules.
+     */
+    public static final Parameter S3_USE_GLOBAL_ENDPOINT =
+            Parameter.builder()
+                    .type(ParameterType.BOOLEAN)
+                    .name("UseGlobalEndpoint")
+                    .builtIn("AWS::S3::UseGlobalEndpoint")
+                    .required(true)
+                    .defaultValue(Value.booleanValue(false))
+                    .documentation("Whether the global endpoint should be used, rather then "
+                            + "the regional endpoint for us-east-1.")
+                    .build();
+
+    /**
+     * This MUST only be used by the S3Control rules.
+     */
+    public static final Parameter S3_CONTROL_USE_ARN_REGION =
+            Parameter.builder()
+                    .type(ParameterType.BOOLEAN)
+                    .name("UseArnRegion")
+                    .builtIn("AWS::S3Control::UseArnRegion")
+                    .documentation("When an Access Point ARN is provided and this flag is enabled, the SDK MUST use "
+                            + "the ARN's region when constructing the endpoint instead of the client's "
+                            + "configured region.")
+                    .build();
+
+    /**
+     * This MUST only be used by the STS rules.
+     */
+    public static final Parameter STS_USE_GLOBAL_ENDPOINT =
+            Parameter.builder()
+                    .type(ParameterType.BOOLEAN)
+                    .name("UseGlobalEndpoint")
+                    .builtIn("AWS::STS::UseGlobalEndpoint")
+                    .required(true)
+                    .defaultValue(Value.booleanValue(false))
+                    .documentation("Whether the global endpoint should be used, rather then "
+                            + "the regional endpoint for us-east-1.")
+                    .build();
+
+    private AwsBuiltIns() {}
+}

smithy-aws-rules-engine/src/main/java/software/amazon/smithy/rulesengine/aws/language/functions/AwsPartition.java

@@ -48,6 +48,15 @@ private AwsPartition(FunctionNode functionNode) {
         super(DEFINITION, functionNode);
     }
 
+    /**
+     * Gets the {@link FunctionDefinition} implementation.
+     *
+     * @return the function definition.
+     */
+    public static Definition getDefinition() {
+        return DEFINITION;
+    }
+
     @Override
     public <T> T accept(ExpressionVisitor<T> visitor) {
         return visitor.visitLibraryFunction(DEFINITION, getArguments());

smithy-aws-rules-engine/src/main/java/software/amazon/smithy/rulesengine/aws/language/functions/AwsRuleSetExtension.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package software.amazon.smithy.rulesengine.aws.language.functions;
+
+import java.util.List;
+import software.amazon.smithy.rulesengine.language.EndpointRuleSetExtension;
+import software.amazon.smithy.rulesengine.language.syntax.expressions.functions.FunctionDefinition;
+import software.amazon.smithy.rulesengine.language.syntax.parameters.Parameter;
+import software.amazon.smithy.rulesengine.validators.AuthSchemeValidator;
+import software.amazon.smithy.utils.ListUtils;
+
+/**
+ * AWS-specific extensions to smithy-rules-engine.
+ */
+public final class AwsRuleSetExtension implements EndpointRuleSetExtension {
+    @Override
+    public List<Parameter> getBuiltIns() {
+        return ListUtils.of(
+                AwsBuiltIns.DUALSTACK,
+                AwsBuiltIns.FIPS,
+                AwsBuiltIns.REGION,
+                AwsBuiltIns.S3_ACCELERATE,
+                AwsBuiltIns.S3_DISABLE_MRAP,
+                AwsBuiltIns.S3_FORCE_PATH_STYLE,
+                AwsBuiltIns.S3_USE_ARN_REGION,
+                AwsBuiltIns.S3_USE_GLOBAL_ENDPOINT,
+                AwsBuiltIns.S3_CONTROL_USE_ARN_REGION,
+                AwsBuiltIns.STS_USE_GLOBAL_ENDPOINT);
+    }
+
+    @Override
+    public List<FunctionDefinition> getLibraryFunctions() {
+        return ListUtils.of(
+                AwsPartition.getDefinition(),
+                IsVirtualHostableS3Bucket.getDefinition(),
+                ParseArn.getDefinition());
+    }
+
+    @Override
+    public List<AuthSchemeValidator> getAuthSchemeValidators() {
+        return ListUtils.of(
+                new EndpointAuthUtils.SigV4SchemeValidator(),
+                new EndpointAuthUtils.SigV4aSchemeValidator(),
+                new EndpointAuthUtils.BetaSchemeValidator());
+    }
+}