Add test for Sdk instrumentation patch

blairhyy-amazon · blairhyy-amazon · commit 9cfb85c8cd90 · 2025-07-28T11:21:44.000-07:00
diff --git a/aws-distro-opentelemetry-node-autoinstrumentation/test/patches/instrumentation-patch.test.ts b/aws-distro-opentelemetry-node-autoinstrumentation/test/patches/instrumentation-patch.test.ts
@@ -692,6 +692,61 @@ describe('InstrumentationPatchTest', () => {
       });
     });
 
+    it('Prevents recursion when credentials provider makes STS calls', async () => {
+      // Track credentials provider calls and skip flag state
+      let credentialsProviderCallCount = 0;
+      let skipCredentialCaptureValue = false;
+
+      // Mock span for attribute capture
+      const mockSpan = { setAttribute: sinon.stub() };
+      sinon.stub(trace, 'getSpan').returns(mockSpan as unknown as Span);
+
+      // Mock OpenTelemetry context to track skip-credential-capture flag
+      const mockContext = {
+        getValue: (key: symbol) =>
+          key.toString().includes('skip-credential-capture') ? skipCredentialCaptureValue : undefined,
+        setValue: (key: symbol, value: any) => {
+          if (key.toString().includes('skip-credential-capture')) skipCredentialCaptureValue = value;
+          return mockContext;
+        },
+        deleteValue: () => mockContext,
+      };
+      sinon.stub(context, 'active').returns(mockContext);
+
+      // Capture middleware added to stack
+      const middlewareStack: any[] = [];
+      const recursiveSdkSend = extractAwsSdkInstrumentation(PATCHED_INSTRUMENTATIONS)
+        ['_getV3SmithyClientSendPatch'](() => Promise.resolve())
+        .bind({
+          middlewareStack: { add: (middleware: any, config: any) => middlewareStack.push([middleware, config]) },
+          config: {
+            // Credentials provider that recursively calls SDK (simulates STS)
+            credentials: async () => {
+              credentialsProviderCallCount++;
+              await recursiveSdkSend({}, null);
+              return { accessKeyId: 'test-access-key' };
+            },
+            region: () => Promise.resolve('us-west-2'),
+          },
+        });
+
+      // Initial SDK call triggers middleware setup
+      await recursiveSdkSend({}, null);
+      expect(skipCredentialCaptureValue).toBe(false);
+
+      // Execute credentials extraction middleware
+      await middlewareStack[1][0](() => Promise.resolve(), null)({});
+
+      // Verify recursion prevention: only one credentials call despite recursive setup
+      expect(credentialsProviderCallCount).toBe(1);
+      expect(skipCredentialCaptureValue).toBe(true);
+      expect(
+        mockSpan.setAttribute.calledWith(AWS_ATTRIBUTE_KEYS.AWS_AUTH_ACCOUNT_ACCESS_KEY, 'test-access-key')
+      ).toBeTruthy();
+
+      sinon.restore();
+    });
+
     it('injects trace context header into request via propagator', async () => {
       lambda = new Lambda({
         region: region,
