feat(credential-providers): source accountId from credential providers #6019

Merged
merged 13 commits into from
Jul 24, 2024

Contributor

@siddsriv siddsriv commented Apr 24, 2024

Issue

Internal JS-4633
Part 1

Description

Sources accountId from credential providers.

  • STS
 PASS  test/defaultRoleAssumers.spec.ts
  getDefaultRoleAssumer
    ✓ should use supplied source credentials (59 ms)
    ✓ should return accountId in the credentials (7 ms)
    ✓ should use the STS client config (64 ms)
    ✓ should use the parent client config (13 ms)
    ✓ should use the STS client middleware (5 ms)
  getDefaultRoleAssumerWithWebIdentity
    ✓ should use the STS client config (18 ms)
    ✓ should return accountId in the credentials (4 ms)
    ✓ should use the STS client middleware (6 ms)

Test Suites: 1 passed, 1 total
Tests:       8 passed, 8 total
Snapshots:   0 total
Time:        2.76 s, estimated 4 s
Ran all test suites.
Done in 3.48s.
  • SSO
 PASS  src/isSsoProfile.spec.ts (5.651 s)
 PASS  src/validateSsoProfile.spec.ts (5.806 s)
 PASS  src/fromSSO.spec.ts (5.911 s)
 PASS  src/resolveSSOCredentials.spec.ts (6.007 s)

Test Suites: 4 passed, 4 total
Tests:       33 passed, 33 total
Snapshots:   0 total
Time:        6.34 s, estimated 7 s
Ran all test suites.
Done in 7.00s.
  • Static
 PASS  src/resolveStaticCredentials.spec.ts (7.818 s)
 PASS  src/resolveWebIdentityCredentials.spec.ts (8.174 s)
 PASS  src/fromIni.spec.ts (8.452 s)
 PASS  src/resolveProfileData.spec.ts (8.562 s)
 PASS  src/resolveProcessCredentials.spec.ts (8.556 s)
 PASS  src/resolveSsoCredentials.spec.ts
 PASS  src/resolveCredentialSource.spec.ts (8.633 s)
 PASS  src/resolveAssumeRoleCredentials.spec.ts (8.761 s)

Test Suites: 8 passed, 8 total
Tests:       91 passed, 91 total
Snapshots:   0 total
Time:        9.109 s, estimated 10 s
Ran all test suites.
Done in 9.63s.
  • Process
 PASS  src/getValidatedProcessCredentials.spec.ts
 PASS  src/resolveProcessCredentials.spec.ts
 PASS  src/fromProcess.spec.ts

Test Suites: 3 passed, 3 total
Tests:       17 passed, 17 total
Snapshots:   0 total
Time:        4.939 s, estimated 5 s
Ran all test suites.
Done in 5.44s.
  • Env
 PASS  src/fromEnv.spec.ts
  fromEnv
    ✓ should read credentials from known environment variables (4 ms)
    ✓ can create credentials without a session token, accountId, or expiration (1 ms)
    ✓ should include accountId when it is provided in environment variables (1 ms)
    ✓ should not include accountId when it is not provided in environment variables (1 ms)
    ✓ throws if env['AWS_ACCESS_KEY_ID'] is not found (1 ms)
    ✓ throws if env['AWS_SECRET_ACCESS_KEY'] is not found

Test Suites: 1 passed, 1 total
Tests:       6 passed, 6 total
Snapshots:   0 total
Time:        3.716 s
Ran all test suites.
Done in 4.33s.
 PASS  packages/credential-provider-imds/src/remoteProvider/ImdsCredentials.spec.ts
  isImdsCredentials
    ✓ should accept valid ImdsCredentials objects (1 ms)
    ✓ should reject credentials without an AccessKeyId
    ✓ should reject credentials without a SecretAccessKey
    ✓ should reject credentials without a Token
    ✓ should reject credentials without an Expiration
    ✓ should reject scalar values
  fromImdsCredentials
    ✓ should convert IMDS credentials to a credentials object (1 ms)
    ✓ should convert IMDS credentials to a credentials object without accountId when it's not provided (1 ms)

Test Suites: 1 passed, 1 total
Tests:       8 passed, 8 total
Snapshots:   0 total
Time:        3.257 s, estimated 4 s

PR to update AwsCredentialIdentity interface: smithy-lang/smithy-typescript#1240

Testing

To-Do:

  • merge AwsCredentialIdentity interface PR above
  • run (updated) unit tests following above merge for all the credential providers that were modified.
  • run codegen for sts-defaultRoleAssumers since it copies these files to the client
  • copy .spec.ts for client-sts from codegen dir manually (test file isn't being copied properly)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@siddsriv siddsriv requested a review from a team as a code owner April 24, 2024 02:24
@trivikr trivikr marked this pull request as draft April 24, 2024 15:33
@@ -20,7 +21,8 @@ export const isStaticCredsProfile = (arg: any): arg is StaticCredsProfile =>
typeof arg === "object" &&
typeof arg.aws_access_key_id === "string" &&
typeof arg.aws_secret_access_key === "string" &&
["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1;
["undefined", "string"].indexOf(typeof arg.aws_session_token) > -1 &&
["undefined", "string"].indexOf(typeof arg.aws_account_id) > -1;
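
Review bot: The `aws_account_id` clause on the last line of this hunk is not covered by the spec quoted later in this thread, which parametrizes only `["aws_session_token"]`, so no visible test feeds the new branch a non-string value. Consider adding "aws_account_id" to that `it.each` list so `[true, null, 1, NaN, {}]` are asserted to be rejected for it as well. The two `["undefined", "string"].indexOf(typeof …) > -1` clauses are also identical in shape and could share one small helper.
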
Contributor

there doesn't seem to be any point to this check, or the aws_session_token one

Contributor Author

@siddsriv siddsriv Jun 20, 2024

 ● isStaticCredsProfile › value at 'aws_session_token' is not of type string | undefined
  expect(received).toEqual(expected) // deep equality

    Expected: false
    Received: true

      30 |   it.each(["aws_session_token"])("value at '%s' is not of type string | undefined", (key) => {
      31 |     [true, null, 1, NaN, {}].forEach((value) => {
    > 32 |       expect(isStaticCredsProfile({ ...getMockStaticCredsProfile(), [key]: value })).toEqual(false);
         |                                                                                      ^
      33 |     });
      34 |   });
      35 |

      at src/resolveStaticCredentials.spec.ts:32:86
          at Array.forEach (<anonymous>)
      at src/resolveStaticCredentials.spec.ts:31:30

unit test seems to fail when I remove these checks (for both session token and accountId). we'll have to change the unit tests for these as well.

Contributor

@kuhe kuhe left a comment

could you change accountId and credentialScope to only be included if defined for credential objects?
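
An added TypeScript sketch (not code from this pull request or the SDK) of the two points raised in review above: the optional-field type guard that the failing spec exercises, and including `accountId` only when it is defined. Every name ending in `Example` and the sample values are constructed for illustration.

```typescript
// Added illustration; names ending in "Example" are hypothetical, not SDK exports.
interface StaticProfileExample {
  aws_access_key_id: string;
  aws_secret_access_key: string;
  aws_session_token?: string;
  aws_account_id?: string;
}

interface CredentialsExample {
  accessKeyId: string;
  secretAccessKey: string;
  sessionToken?: string;
  accountId?: string;
}

// An optional profile key must be absent or a string. Without this check,
// values such as null, 1, NaN or {} would pass the guard and flow into the
// credentials object typed as a string.
const isOptionalStringExample = (v: unknown): v is string | undefined =>
  typeof v === "undefined" || typeof v === "string";

const isStaticProfileExample = (arg: unknown): arg is StaticProfileExample => {
  if (typeof arg !== "object" || arg === null) return false;
  const p = arg as Record<string, unknown>;
  return (
    typeof p.aws_access_key_id === "string" &&
    typeof p.aws_secret_access_key === "string" &&
    isOptionalStringExample(p.aws_session_token) &&
    isOptionalStringExample(p.aws_account_id)
  );
};

// Optional fields are spread in only when defined, so the resulting object
// has no "accountId" key at all rather than accountId: undefined.
const toCredentialsExample = (p: StaticProfileExample): CredentialsExample => ({
  accessKeyId: p.aws_access_key_id,
  secretAccessKey: p.aws_secret_access_key,
  ...(p.aws_session_token !== undefined ? { sessionToken: p.aws_session_token } : {}),
  ...(p.aws_account_id !== undefined ? { accountId: p.aws_account_id } : {}),
});

// Constructed sample profile (placeholder values, not real credentials).
const sampleProfileExample: StaticProfileExample = {
  aws_access_key_id: "AKIDEXAMPLE",
  aws_secret_access_key: "SECRETEXAMPLE",
};
```
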

*/
AssumedRoleId?: string;
}

Contributor Author

added and left the interface here instead of a new file, since the overhead of copying a new file to clients seems more than having a single interface present here. if we find ourselves adding many STS interfaces, we should consider refactoring a little.

@siddsriv siddsriv merged commit 83cd253 into aws:main Jul 24, 2024
5 checks passed
@siddsriv siddsriv deleted the accId-creds branch July 24, 2024 16:10
@siddsriv siddsriv restored the accId-creds branch July 24, 2024 17:42
kuhe added a commit to kuhe/aws-sdk-js-v3 that referenced this pull request Jul 24, 2024

github-actions bot commented Aug 8, 2024

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 8, 2024