updated UA tracking to be simpler

kai-ion · kai-ion · commit 58361bd412b3 · 2025-09-18T10:46:13.000-04:00
diff --git a/src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h b/src/aws-cpp-sdk-core/include/aws/core/client/ClientConfiguration.h
@@ -441,37 +441,12 @@ namespace Aws
               ResponseChecksumValidation responseChecksumValidation = ResponseChecksumValidation::WHEN_SUPPORTED;
             } checksumConfig;
 
-            /**
-             * Configuration source types for tracking where values come from
-             */
-            enum class ConfigSourceType {
-                ENVIRONMENT,
-                PROFILE,
-                DEFAULT_VALUE
-            };
-            
-            /**
-             * Structure to hold both config value and its source
-             */
-            struct ConfigSource {
-                Aws::String value;
-                ConfigSourceType source;
-                ConfigSource(const Aws::String& val, ConfigSourceType src) : value(val), source(src) {}
-            };
-            
             /**
              * A helper function to read config value from env variable or aws profile config
              */
             static Aws::String LoadConfigFromEnvOrProfile(const Aws::String& envKey, const Aws::String& profile,
                                                           const Aws::String& profileProperty, const Aws::Vector<Aws::String>& allowedValues,
                                                           const Aws::String& defaultValue);
-            
-            /**
-             * A helper function to read config value and track its source
-             */
-            static ConfigSource LoadConfigFromEnvOrProfileWithSource(const Aws::String& envKey, const Aws::String& profile,
-                                                                     const Aws::String& profileProperty, const Aws::Vector<Aws::String>& allowedValues,
-                                                                     const Aws::String& defaultValue);
 
             /**
              * A wrapper for interfacing with telemetry functionality. Defaults to Noop provider.
@@ -564,11 +539,6 @@ namespace Aws
                * The OAuth 2.0 access token or OpenID Connect ID token
                */
               Aws::String tokenFilePath;
-              
-              /**
-               * Credential source type for user agent tracking
-               */
-              Aws::String credentialSource;
 
               /**
                * Time out for the credentials future call.
diff --git a/src/aws-cpp-sdk-core/include/aws/core/client/UserAgent.h b/src/aws-cpp-sdk-core/include/aws/core/client/UserAgent.h
@@ -33,7 +33,6 @@ enum class UserAgentFeature {
   RESOLVED_ACCOUNT_ID,
   GZIP_REQUEST_COMPRESSION,
   CREDENTIALS_ENV_VARS,
-  CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN,
   CREDENTIALS_PROFILE,
   CREDENTIALS_PROFILE_PROCESS,
   CREDENTIALS_IMDS,
diff --git a/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp
@@ -5,6 +5,7 @@
 #include <aws/core/Globals.h>
 #include <aws/core/auth/STSCredentialsProvider.h>
 #include <aws/core/client/ClientConfiguration.h>
+#include <aws/core/client/UserAgent.h>
 #include <aws/core/platform/Environment.h>
 #include <aws/crt/auth/Credentials.h>
 
@@ -96,6 +97,9 @@ AWSCredentials STSAssumeRoleWebIdentityCredentialsProvider::GetAWSCredentials()
             credentials.SetExpiration(DateTime{static_cast<double>(expiration)});
             const auto sessionTokenCursor = crtCredentials->GetSessionToken();
             credentials.SetSessionToken({reinterpret_cast<char*>(sessionTokenCursor.ptr), sessionTokenCursor.len});
+            if (!credentials.IsEmpty()) {
+              credentials.AddUserAgentFeature(Aws::Client::UserAgentFeature::CREDENTIALS_STS_WEB_IDENTITY_TOKEN);
+            }
           }
           refreshDone = true;
         }
diff --git a/src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp b/src/aws-cpp-sdk-core/source/client/ClientConfiguration.cpp
@@ -73,18 +73,6 @@ static T LoadEnumFromString(const std::array<std::pair<const char*, T>, N>& mapp
   return mapping->second;
 }
 
-// Helper to load raw values without lowercasing (for file paths, ARNs, etc.)
-static Aws::String LoadRawFromEnvOrProfile(const Aws::String& envKey,
-                                           const Aws::String& profile,
-                                           const Aws::String& profileProperty,
-                                           const Aws::String& defaultValue) {
-    Aws::String option = Aws::Environment::GetEnv(envKey.c_str());
-    if (option.empty()) {
-        option = Aws::Config::GetCachedConfigValue(profile, profileProperty);
-    }
-    return option.empty() ? defaultValue : Aws::Utils::StringUtils::Trim(option.c_str());
-}
-
 ClientConfiguration::ProviderFactories ClientConfiguration::ProviderFactories::defaultFactories = []()
 {
     ProviderFactories factories;
@@ -339,25 +327,23 @@ void setConfigFromEnvOrProfile(ClientConfiguration &config)
     // Uses default retry mode with the specified max attempts from metadata_service_num_attempts
     config.credentialProviderConfig.imdsConfig.imdsRetryStrategy = InitRetryStrategy(attempts, "");
 
-    auto roleArnSrc = ClientConfiguration::LoadConfigFromEnvOrProfileWithSource(
-        AWS_IAM_ROLE_ARN_ENV_VAR, config.profileName, AWS_IAM_ROLE_ARN_CONFIG_FILE_OPTION, {}, "");
-    config.credentialProviderConfig.stsCredentialsProviderConfig.roleArn = roleArnSrc.value;
-
-    config.credentialProviderConfig.stsCredentialsProviderConfig.sessionName = LoadRawFromEnvOrProfile(
-        AWS_IAM_ROLE_SESSION_NAME_ENV_VAR, config.profileName, AWS_IAM_ROLE_SESSION_NAME_CONFIG_FILE_OPTION, "");
-
-    auto tokenFileSrc = ClientConfiguration::LoadConfigFromEnvOrProfileWithSource(
-        AWS_WEB_IDENTITY_TOKEN_FILE_ENV_VAR, config.profileName, AWS_WEB_IDENTITY_TOKEN_FILE_CONFIG_FILE_OPTION, {}, "");
-    config.credentialProviderConfig.stsCredentialsProviderConfig.tokenFilePath = tokenFileSrc.value;
-
-    if (!roleArnSrc.value.empty() && !tokenFileSrc.value.empty()) {
-        using Src = ClientConfiguration::ConfigSourceType;
-        const bool fromEnv = (roleArnSrc.source == Src::ENVIRONMENT) || (tokenFileSrc.source == Src::ENVIRONMENT);
-        config.credentialProviderConfig.stsCredentialsProviderConfig.credentialSource =
-            fromEnv ? "env_web_identity" : "web_identity";
-    } else {
-        config.credentialProviderConfig.stsCredentialsProviderConfig.credentialSource.clear();
-    }
+    config.credentialProviderConfig.stsCredentialsProviderConfig.roleArn = ClientConfiguration::LoadConfigFromEnvOrProfile(AWS_IAM_ROLE_ARN_ENV_VAR,
+          config.profileName,
+          AWS_IAM_ROLE_ARN_CONFIG_FILE_OPTION,
+          {}, /* allowed values */
+          "" /* default value */);
+
+      config.credentialProviderConfig.stsCredentialsProviderConfig.sessionName = ClientConfiguration::LoadConfigFromEnvOrProfile(AWS_IAM_ROLE_SESSION_NAME_ENV_VAR,
+          config.profileName,
+          AWS_IAM_ROLE_SESSION_NAME_CONFIG_FILE_OPTION,
+          {}, /* allowed values */
+          "" /* default value */);
+
+      config.credentialProviderConfig.stsCredentialsProviderConfig.tokenFilePath = ClientConfiguration::LoadConfigFromEnvOrProfile(AWS_WEB_IDENTITY_TOKEN_FILE_ENV_VAR,
+          config.profileName,
+          AWS_WEB_IDENTITY_TOKEN_FILE_CONFIG_FILE_OPTION,
+          {}, /* allowed values */
+          "" /* default value */);
 }
 
 ClientConfiguration::ClientConfiguration()
@@ -566,79 +552,35 @@ std::shared_ptr<RetryStrategy> InitRetryStrategy(Aws::String retryMode)
     return InitRetryStrategy(maxAttempts, retryMode);
 }
 
-ClientConfiguration::ConfigSource ClientConfiguration::LoadConfigFromEnvOrProfileWithSource(const Aws::String& envKey,
-                                                                                            const Aws::String& profile,
-                                                                                            const Aws::String& profileProperty,
-                                                                                            const Aws::Vector<Aws::String>& allowedValues,
-                                                                                            const Aws::String& defaultValue)
+Aws::String ClientConfiguration::LoadConfigFromEnvOrProfile(const Aws::String& envKey,
+                                                            const Aws::String& profile,
+                                                            const Aws::String& profileProperty,
+                                                            const Aws::Vector<Aws::String>& allowedValues,
+                                                            const Aws::String& defaultValue)
 {
-    Aws::String option;
-    ConfigSourceType sourceType = ConfigSourceType::DEFAULT_VALUE;
-
-    if (!envKey.empty()) {
-        option = Aws::Environment::GetEnv(envKey.c_str());
-        if (!option.empty()) {
-            sourceType = ConfigSourceType::ENVIRONMENT;
-        }
-    }
-
-    if (option.empty() && !profileProperty.empty()) {
+    Aws::String option = Aws::Environment::GetEnv(envKey.c_str());
+    if (option.empty()) {
         option = Aws::Config::GetCachedConfigValue(profile, profileProperty);
-        if (!option.empty()) {
-            sourceType = ConfigSourceType::PROFILE;
-        }
     }
-
-    option = Aws::Utils::StringUtils::Trim(option.c_str());
-
+    option = Aws::Utils::StringUtils::ToLower(option.c_str());
     if (option.empty()) {
-        return ConfigSource(defaultValue, ConfigSourceType::DEFAULT_VALUE);
+        return defaultValue;
     }
 
-    // Validate only if we have an allowed list (enum-like). Do NOT mutate case of the returned value.
-    if (!allowedValues.empty()) {
-        const Aws::String optionLower = Aws::Utils::StringUtils::ToLower(option.c_str());
-
-        // Build a lowercased view of the allowed set once
-        bool allowed = std::any_of(allowedValues.cbegin(), allowedValues.cend(),
-            [&](const Aws::String& v){ return optionLower == Aws::Utils::StringUtils::ToLower(v.c_str()); });
-
-        if (!allowed) {
-            Aws::OStringStream expectedStr;
-            expectedStr << "[";
-            for (size_t i = 0; i < allowedValues.size(); ++i) {
-                expectedStr << allowedValues[i];
-                if ( i + 1 < allowedValues.size() ) expectedStr << ";";
-            }
-            expectedStr << "]";
-
-            const char* src = (sourceType == ConfigSourceType::ENVIRONMENT) ? "environment" :
-                              (sourceType == ConfigSourceType::PROFILE)     ? "profile"      : "default";
-
-            AWS_LOGSTREAM_WARN(
-                CLIENT_CONFIG_TAG,
-                "Unrecognized value from " << src
-                << (sourceType == ConfigSourceType::ENVIRONMENT ? (Aws::String(" (") + envKey + ")") :
-                    sourceType == ConfigSourceType::PROFILE ? (Aws::String(" (") + profile + ":" + profileProperty + ")") : "")
-                << ": \"" << option << "\". Using default: \"" << defaultValue
-                << "\". Expected one of: " << expectedStr.str()
-            );
-
-            return ConfigSource(defaultValue, ConfigSourceType::DEFAULT_VALUE);
+    if (!allowedValues.empty() && std::find(allowedValues.cbegin(), allowedValues.cend(), option) == allowedValues.cend()) {
+        Aws::OStringStream expectedStr;
+        expectedStr << "[";
+        for(const auto& allowed : allowedValues) {
+            expectedStr << allowed << ";";
         }
-    }
+        expectedStr << "]";
 
-    // Return original (un-lowercased) token and the actual source
-    return ConfigSource(option, sourceType);
-}
-
-Aws::String ClientConfiguration::LoadConfigFromEnvOrProfile(const Aws::String& envKey,
-                                                            const Aws::String& profile,
-                                                            const Aws::String& profileProperty,
-                                                            const Aws::Vector<Aws::String>& allowedValues,
-                                                            const Aws::String& defaultValue)
-{
-    return LoadConfigFromEnvOrProfileWithSource(envKey, profile, profileProperty, allowedValues, defaultValue).value;
+        AWS_LOGSTREAM_WARN(CLIENT_CONFIG_TAG, "Unrecognised value for " << envKey << ": " << option <<
+                                              ". Using default instead: " << defaultValue <<
+                                              ". Expected empty or one of: " << expectedStr.str());
+        option = defaultValue;
+    }
+    return option;
 }
 
 } // namespace Client
diff --git a/src/aws-cpp-sdk-core/source/client/UserAgent.cpp b/src/aws-cpp-sdk-core/source/client/UserAgent.cpp
@@ -43,7 +43,6 @@ const std::pair<UserAgentFeature, const char*> BUSINESS_METRIC_MAPPING[] = {
     {UserAgentFeature::RESOLVED_ACCOUNT_ID, "T"},
     {UserAgentFeature::GZIP_REQUEST_COMPRESSION, "L"},
     {UserAgentFeature::CREDENTIALS_ENV_VARS, "g"},
-    {UserAgentFeature::CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN, "h"},
     {UserAgentFeature::CREDENTIALS_PROFILE, "n"},
     {UserAgentFeature::CREDENTIALS_PROFILE_PROCESS, "v"},
     {UserAgentFeature::CREDENTIALS_IMDS, "0"},
@@ -132,13 +131,6 @@ UserAgent::UserAgent(const ClientConfiguration& clientConfiguration,
   if (accountIdMode.has_value()) {
     m_features.emplace(accountIdMode.value());
   }
-
-  const auto& sts = clientConfiguration.credentialProviderConfig.stsCredentialsProviderConfig;
-  if (sts.credentialSource == "env_web_identity") {
-    m_features.emplace(UserAgentFeature::CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN);
-  } else if (sts.credentialSource == "web_identity") {
-    m_features.emplace(UserAgentFeature::CREDENTIALS_STS_WEB_IDENTITY_TOKEN);
-  }
 }
 
 Aws::String UserAgent::SerializeWithFeatures(const Aws::Set<UserAgentFeature>& features) const {
