Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: account id endpoint support #2976

Merged
merged 14 commits into from
Aug 5, 2024
Merged

feat: account id endpoint support #2976

merged 14 commits into from
Aug 5, 2024

Conversation

yenfryherrerafeliz
Copy link
Contributor

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@yenfryherrerafeliz
feat: account id endpoint resolution support
2ea2504 
This change add account_id as part of the identity resolution, from the different credentials provider. It also validates whether an account should have been resolved based on the configure option account_id_endpoint_mode. The way this is done is by using lazy resolvers. We wrap the credentials provider into a custom lazy resolver that will avoid resolving credentials more than once, which means that in that credentials lazy resolver the value will be resolved once, and it will be returned everytime the credentials provider is consumed/invoked. For accountId builts-in, we also use a lazy resolver which holds the validation for wheter account_id value should have been resolved as part of the resolved identity. This accountId built-ins lazy resolver is resolved from endpoint resolution.
@yenfryherrerafeliz
fix: force credentials resolution and resolve conf
319169a 
For resolving credentials just once per request, and no just once per client initialization, we are adding a middleware that will call forceRefresh method from the CredentialsLazyResolver implementation, and since this middleware will be executed in every request then, the credentials will be fresh per request. We are also fixing here how account_id_endpoint_mode configuration is being resolved.
@yenfryherrerafeliz
fix: address PR feedback for accountId support
afa8033 
In this change we add AccountId resolution for when AccountId is part of the rulesetParameters and accountIdEndpointMode is not disabled, in EndpointV2Middleware. If AccountId should be resolved then, we will resolve the credentialsProvider, which will resolve an identity from which we will extract the accountId, and if an accountId is not present in that resolved identity then, we will log a warning if accountIdEndpointMode is set to preferred or throw an exception if accountIdEndpointMode is required. Another part of this change is, that if we get up to the point of resolving the credentials provider then, we inject the resolved identity into $command['@context'] as the property 'resolved_identity'. We do this for trying to avoid having to resolve credentials more than once per request.
@yenfryherrerafeliz
chore: address PR feedback and include tests
9d5f0c8 
Addresses feedback for conditionally calling the method resolvingAccountId based on if the parameter is present in the rulesset of the endpoint provider.
Include tests coverage for AssumeRoleCredentialProvider, AssumeRoleWithWebIdentityCredentialProvider, process, shared files, and credentials from environment.
@yenfryherrerafeliz
test: add STS test cases for resolving accountId
c6dab51
@yenfryherrerafeliz
feat: remove account id endpoint mode validations
b0ff4ad 
The validation of whether account_id should be resolved or not is going to be done by the ruleset, and therefore the validation logic around this needs to be removed.
@yenfryherrerafeliz
chore: address PR feedback
5204f33 
- Move test cases into a valid existent class. In this case the tests in SourceAccountIdEndpointTest were moved to StsClient class.
- Create test for InstanceProfileProvider
- Create test for EcsCredentialProvider
@yenfryherrerafeliz
Merge branch 'master' into feat_account_id_endpoint_support
24a9991
@yenfryherrerafeliz
fix: inject AccountId in endpoint client args
f041393
@yenfryherrerafeliz
chore: remove null coalescing operator
0b71c81 
Remove null coalescing operator from the CredentialProvider class in order to prevent Docs Build to fail.
@yenfryherrerafeliz
chore: merge chages from 'master'
2c7589d
@yenfryherrerafeliz
test: modify endpoint test cases
6a8b3e3 
Make endpoint test cases compatible with account_id endpoint mode.
@yenfryherrerafeliz
chore: resolve merge conflicts
32aead4 
Resolved merge conflicts when merging master into feat_account_id_endpoint_support branch.
@yenfryherrerafeliz
chore: make test accounts to be dummy
30ab4e1 
Update test account values to be in compliant with our git-secrets checks.
We can use either dummy values, such as `foo`, or the fixed values `123456789012` or `999999999999`.
@stobrien89 stobrien89 merged commit 4fad948 into aws:master Aug 5, 2024
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stobrien89 stobrien89 stobrien89 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yenfryherrerafeliz @stobrien89