Add AccountId and CredentialScope AWS BuiltIns

* Add AccountId and CredentialScope BuiltIns

* Fix checkstyle, make docs more vague

* Add AwsBuiltinValidator

* Cleanup from PR + add test cases

* Change eventIdSuffix for AWS Builtin validator

* PR feedback

* Remove extra prefix from eventId

* Formatting

---------

Co-authored-by: Kevin Stich <kevin@kstich.com>

docs/source-2.0/aws/rules-engine/built-ins.rst

@@ -68,6 +68,25 @@ Description
 Type
     ``boolean``
 
+.. _rules-engine-aws-built-ins-account-id:
+
+``AWS::Auth::AccountId`` built-in
+=================================
+
+Description
+    The AWS AccountId.
+Type
+    ``string``
+
+.. _rules-engine-aws-built-ins-credential-scope:
+
+``AWS::Auth::CredentialScope`` built-in
+=======================================
+
+Description
+    The AWS Credential Scope.
+Type
+    ``string``
 
 .. _rules-engine-aws-built-ins-s3-accelerate:
 

smithy-aws-endpoints/src/main/java/software/amazon/smithy/rulesengine/aws/language/functions/AwsBuiltIns.java

@@ -53,6 +53,28 @@ public final class AwsBuiltIns {
                     .documentation("The AWS region used to dispatch the request.")
                     .build();
 
+    /**
+     * Built-in parameter representing the AccountId.
+     */
+    public static final Parameter ACCOUNT_ID =
+            Parameter.builder()
+                    .name("AccountId")
+                    .type(ParameterType.STRING)
+                    .builtIn("AWS::Auth::AccountId")
+                    .documentation("The AWS AccountId used for the request.")
+                    .build();
+
+    /**
+     * Built-in parameter representing the Credential Scope.
+     */
+    public static final Parameter CREDENTIAL_SCOPE =
+            Parameter.builder()
+                    .name("CredentialScope")
+                    .type(ParameterType.STRING)
+                    .builtIn("AWS::Auth::CredentialScope")
+                    .documentation("The AWS Credential Scope used for the request.")
+                    .build();
+
     /**
      * This MUST only be used by the S3 rules.
      */

smithy-aws-endpoints/src/main/java/software/amazon/smithy/rulesengine/aws/language/functions/AwsRuleSetExtension.java

@@ -22,6 +22,8 @@ public List<Parameter> getBuiltIns() {
                 AwsBuiltIns.DUALSTACK,
                 AwsBuiltIns.FIPS,
                 AwsBuiltIns.REGION,
+                AwsBuiltIns.ACCOUNT_ID,
+                AwsBuiltIns.CREDENTIAL_SCOPE,
                 AwsBuiltIns.S3_ACCELERATE,
                 AwsBuiltIns.S3_DISABLE_MRAP,
                 AwsBuiltIns.S3_FORCE_PATH_STYLE,

smithy-aws-endpoints/src/main/java/software/amazon/smithy/rulesengine/aws/validators/RuleSetAwsBuiltInValidator.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package software.amazon.smithy.rulesengine.aws.validators;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+import java.util.Set;
+import software.amazon.smithy.model.FromSourceLocation;
+import software.amazon.smithy.model.Model;
+import software.amazon.smithy.model.shapes.ServiceShape;
+import software.amazon.smithy.model.validation.AbstractValidator;
+import software.amazon.smithy.model.validation.ValidationEvent;
+import software.amazon.smithy.rulesengine.aws.language.functions.AwsBuiltIns;
+import software.amazon.smithy.rulesengine.language.EndpointRuleSet;
+import software.amazon.smithy.rulesengine.language.syntax.parameters.Parameter;
+import software.amazon.smithy.rulesengine.traits.EndpointRuleSetTrait;
+import software.amazon.smithy.utils.SetUtils;
+
+
+/**
+ * Validator that AWS built-ins used in RuleSet parameters are supported.
+ */
+public class RuleSetAwsBuiltInValidator extends AbstractValidator {
+    private static final Set<String> ADDITIONAL_CONSIDERATION_BUILT_INS = SetUtils.of(
+            AwsBuiltIns.ACCOUNT_ID.getBuiltIn().get(),
+            AwsBuiltIns.CREDENTIAL_SCOPE.getBuiltIn().get());
+    private static final String ADDITIONAL_CONSIDERATION_MESSAGE = "The `%s` built-in used requires additional "
+           + "consideration of the rules that use it.";
+
+    @Override
+    public List<ValidationEvent> validate(Model model) {
+        List<ValidationEvent> events = new ArrayList<>();
+        for (ServiceShape serviceShape : model.getServiceShapesWithTrait(EndpointRuleSetTrait.class)) {
+            events.addAll(validateRuleSetAwsBuiltIns(serviceShape, serviceShape.expectTrait(EndpointRuleSetTrait.class)
+                    .getEndpointRuleSet()));
+        }
+        return events;
+    }
+
+    private List<ValidationEvent> validateRuleSetAwsBuiltIns(ServiceShape serviceShape, EndpointRuleSet ruleSet) {
+        List<ValidationEvent> events = new ArrayList<>();
+        for (Parameter parameter : ruleSet.getParameters()) {
+            if (parameter.isBuiltIn()) {
+                validateBuiltIn(serviceShape, parameter.getBuiltIn().get(), parameter).ifPresent(events::add);
+            }
+        }
+        return events;
+    }
+
+    private Optional<ValidationEvent> validateBuiltIn(
+            ServiceShape serviceShape,
+            String builtInName,
+            FromSourceLocation source
+    ) {
+        if (ADDITIONAL_CONSIDERATION_BUILT_INS.contains(builtInName)) {
+            return Optional.of(danger(
+                    serviceShape, source,
+                    String.format(ADDITIONAL_CONSIDERATION_MESSAGE, builtInName),
+                    builtInName));
+        }
+        return Optional.empty();
+    }
+}

smithy-aws-endpoints/src/main/resources/META-INF/services/software.amazon.smithy.model.validation.Validator

@@ -0,0 +1 @@
+software.amazon.smithy.rulesengine.aws.validators.RuleSetAwsBuiltInValidator

smithy-aws-endpoints/src/test/resources/software/amazon/smithy/rulesengine/aws/language/functions/errorfiles/invalid/additional-consideration-built-ins.errors

@@ -0,0 +1,3 @@
+[WARNING] example#FizzBuzz: This shape applies a trait that is unstable: smithy.rules#endpointRuleSet | UnstableTrait
+[DANGER] example#FizzBuzz: The `AWS::Auth::AccountId` built-in used requires additional consideration of the rules that use it. | RuleSetAwsBuiltIn.AWS::Auth::AccountId
+[DANGER] example#FizzBuzz: The `AWS::Auth::CredentialScope` built-in used requires additional consideration of the rules that use it. | RuleSetAwsBuiltIn.AWS::Auth::CredentialScope

smithy-aws-endpoints/src/test/resources/software/amazon/smithy/rulesengine/aws/language/functions/errorfiles/invalid/additional-consideration-built-ins.smithy

@@ -0,0 +1,39 @@
+$version: "1.0"
+
+namespace example
+
+use smithy.rules#endpointRuleSet
+
+@endpointRuleSet({
+    "version": "1.3",
+    "parameters": {
+        "Region": {
+            "required": true,
+            "builtIn": "AWS::Region",
+            "type": "String",
+            "documentation": "docs"
+        },
+        "AccountId": {
+            "builtIn": "AWS::Auth::AccountId",
+            "type": "String",
+            "documentation": "docs"
+        },
+        "CredentialScope": {
+            "builtIn": "AWS::Auth::CredentialScope",
+            "type": "String",
+            "documentation": "docs"
+        }
+    },
+    "rules": [
+        {
+            "conditions": [],
+            "documentation": "base rule",
+            "endpoint": {
+                "url": "https://{Region}.fizzbuzz.amazonaws.com",
+                "headers": {}
+            },
+            "type": "endpoint"
+        }
+    ]
+})
+service FizzBuzz {}