module Aws::Endpoints

def default_api_auth(context) 

def default_api_auth(context)
  context.config.api.operation(context.operation_name)['auth'] ||
    context.config.api.metadata['auth']
end

def default_auth_scheme(context) 

def default_auth_scheme(context)
  if (auth_list = default_api_auth(context))
    auth = auth_list.find { |a| SUPPORTED_AUTH_TRAITS.include?(a) }
    case auth
    when 'aws.auth#sigv4', 'aws.auth#sigv4a'
      auth_scheme = { 'name' => auth.split('#').last }
      if s3_or_s3v4_signature_version?(context)
        auth_scheme = auth_scheme.merge(
          'disableDoubleEncoding' => true,
          'disableNormalizePath' => true
        )
      end
      merge_signing_defaults(auth_scheme, context.config)
    when 'smithy.api#httpBearerAuth'
      { 'name' => 'bearer' }
    when 'smithy.api#noAuth'
      { 'name' => 'none' }
    else
      raise 'No supported auth trait for this endpoint.'
    end
  else
    legacy_default_auth_scheme(context)
  end
end

def legacy_default_api_authtype(context) 

def legacy_default_api_authtype(context)
  context.config.api.operation(context.operation_name)['authtype'] ||
    context.config.api.metadata['signatureVersion']
end

def legacy_default_auth_scheme(context) 

def legacy_default_auth_scheme(context)
  case legacy_default_api_authtype(context)
  when 'v4', 'v4-unsigned-body'
    auth_scheme = { 'name' => 'sigv4' }
    merge_signing_defaults(auth_scheme, context.config)
  when 's3', 's3v4'
    auth_scheme = {
      'name' => 'sigv4',
      'disableDoubleEncoding' => true,
      'disableNormalizePath' => true
    }
    merge_signing_defaults(auth_scheme, context.config)
  when 'bearer'
    { 'name' => 'bearer' }
  when 'none', nil
    { 'name' => 'none' }
  end
end

def merge_signing_defaults(auth_scheme, config) 

def merge_signing_defaults(auth_scheme, config)
  if %w[sigv4 sigv4a sigv4-s3express].include?(auth_scheme['name'])
    auth_scheme['signingName'] ||= sigv4_name(config)
    # back fill disableNormalizePath for S3 until it gets correctly set in the rules
    if auth_scheme['signingName'] == 's3' &&
      !auth_scheme.include?('disableNormalizePath') &&
      auth_scheme.include?('disableDoubleEncoding')
      auth_scheme['disableNormalizePath'] = auth_scheme['disableDoubleEncoding']
    end
    if auth_scheme['name'] == 'sigv4a'
      # config option supersedes endpoint properties
      auth_scheme['signingRegionSet'] =
        config.sigv4a_signing_region_set || auth_scheme['signingRegionSet'] || [config.region]
    else
      auth_scheme['signingRegion'] ||= config.region
    end
  end
  auth_scheme
end

def resolve_auth_scheme(context, endpoint) 

def resolve_auth_scheme(context, endpoint)
  if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
    auth_scheme = auth_schemes.find do |scheme|
      Aws::Plugins::Sign::SUPPORTED_AUTH_TYPES.include?(scheme['name'])
    end
    raise 'No supported auth scheme for this endpoint.' unless auth_scheme
    merge_signing_defaults(auth_scheme, context.config)
  else
    default_auth_scheme(context)
  end
end

def s3_or_s3v4_signature_version?(context) 

def s3_or_s3v4_signature_version?(context)
  %w[s3 s3v4].include?(context.config.api.metadata['signatureVersion'])
end

def sigv4_name(config) 

def sigv4_name(config)
  config.api.metadata['signingName'] ||
    config.api.metadata['endpointPrefix']
end