Implement opting out of S3 Express session auth via config variables

[aemous]

Description of changes:

• Added support for opting out of S3 Express session authentication via new disable_s3_express_session_auth client configuration setting, or the new AWS_S3_DISABLE_EXPRESS_SESSION_AUTH environment variable, or the disable_s3_express_session_auth S3 shared configuration setting.
• Added new tests against the new configuration and functionality.

Description of tests:

• Successfully ran all unit and functional tests.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 93.75000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 92.62%. Comparing base (b0a4fbe) to head (d662f0e).
⚠️ Report is 401 commits behind head on develop.

Files with missing lines	Patch %	Lines
botocore/args.py	93.33%	1 Missing ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3631      +/-   ##
===========================================
- Coverage    92.71%   92.62%   -0.10%     
===========================================
  Files           68       68              
  Lines        15561    15664     +103     
===========================================
+ Hits         14428    14509      +81     
- Misses        1133     1155      +22     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[SamRemis]

One high level comment (got a few more comments to come):

Your PR description says that there's a new client configuration setting, but this doesn't work:

config = Config(disable_s3_express_session_auth=True)
s3 = boto3.client('s3',config=config)

We never added it to the Config class; how are users expected to set this in code?

[aemous]

We never added it to the Config class; how are users expected to set this in code?

@SamRemis As we discussed offline, it is set in code-config via the S3 config.

import boto3

from botocore.config import Config

my_config = Config(
    s3 = {
        'disable_s3_express_session_auth': True
    }
)

client = boto3.client('s3', config=my_config)
# client = boto3.client('s3')

[SamRemis]

Thank you, you're right. I wasn't familiar with the code path for service specific configs and was expecting an update in config.py

[SamRemis]

I appreciate the use of pytest.mark.parametrize here, but I think it may make more sense to split this into two more readable test cases. One where we assert that s3express auth is disabled, and one where we assert that it's not.

We can use class constants for reusable variables like the method responses, bucket name, and date. Then use a pytest fixture for the datetime.

We should also be adding an assertion on len(http_stubber.requests) for the number of requests on the stubbed client (expect one for the non-session auth test and two for the one with session auth). We could potentially even assert the URL of the first request using stubber.requests[0].url.endswith('?session'), but that's relying on the URL of the API not changing.

I'm asking for a refactoring of the whole class, so happy to chat more about this if you disagree or find any of it confusing.

[aemous]

Published a revision.

[SamRemis]

Looks good, thanks Ahmed :)