added two more credential providers, profile and imds

kai-ion · kai-ion · commit dfbd7dd37c09 · 2025-08-22T18:21:08.000-04:00
added new sign methods for s3express to take in context
diff --git a/generated/src/aws-cpp-sdk-s3-crt/include/aws/s3-crt/S3ExpressIdentityProvider.h b/generated/src/aws-cpp-sdk-s3-crt/include/aws/s3-crt/S3ExpressIdentityProvider.h
@@ -9,6 +9,7 @@
 #include <aws/core/utils/memory/stl/AWSString.h>
 #include <aws/core/utils/ConcurrentCache.h>
 #include <aws/core/auth/signer/AWSAuthSignerBase.h>
+#include <aws/core/auth/AWSCredentialsProvider.h>
 #include <aws/s3-crt/S3ExpressIdentity.h>
 #include <smithy/identity/resolver/AwsIdentityResolverBase.h>
 #include <thread>
@@ -27,6 +28,12 @@ namespace Aws {
 
             virtual S3ExpressIdentity
             GetS3ExpressIdentity(const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) = 0;
+            
+            virtual S3ExpressIdentity
+            GetS3ExpressIdentity(Aws::Auth::CredentialsResolutionContext& context, const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) {
+                AWS_UNREFERENCED_PARAM(context);
+                return GetS3ExpressIdentity(serviceSpecificParameters);
+            }
 
             ResolveIdentityFutureOutcome
             getIdentity(const IdentityProperties& identityProperties, const AdditionalParameters& additionalParameters) override;
@@ -59,6 +66,8 @@ namespace Aws {
             virtual ~DefaultS3ExpressIdentityProvider() override = default;
 
             S3ExpressIdentity GetS3ExpressIdentity(const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) override;
+            
+            S3ExpressIdentity GetS3ExpressIdentity(Aws::Auth::CredentialsResolutionContext& context, const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) override;
 
         private:
             mutable std::shared_ptr<Aws::Utils::ConcurrentCache<Aws::String, S3ExpressIdentity>> m_credentialsCache;
@@ -81,6 +90,8 @@ namespace Aws {
             virtual ~DefaultAsyncS3ExpressIdentityProvider() override;
 
             S3ExpressIdentity GetS3ExpressIdentity(const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) override;
+            
+            S3ExpressIdentity GetS3ExpressIdentity(Aws::Auth::CredentialsResolutionContext& context, const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) override;
 
         private:
             void refreshIdentities(std::chrono::minutes refreshPeriod);
diff --git a/generated/src/aws-cpp-sdk-s3-crt/include/aws/s3-crt/S3ExpressSigner.h b/generated/src/aws-cpp-sdk-s3-crt/include/aws/s3-crt/S3ExpressSigner.h
@@ -43,6 +43,8 @@ namespace Aws {
 
             Aws::Auth::AWSCredentials GetCredentials(const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) const override;
 
+            Aws::Auth::AWSCredentials GetCredentials(Aws::Auth::CredentialsResolutionContext& context, const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) const override;
+
         protected:
             bool ServiceRequireUnsignedPayload(const String &serviceName) const override;
 
diff --git a/generated/src/aws-cpp-sdk-s3-crt/source/S3ExpressIdentityProvider.cpp b/generated/src/aws-cpp-sdk-s3-crt/source/S3ExpressIdentityProvider.cpp
@@ -115,6 +115,11 @@ S3ExpressIdentity DefaultS3ExpressIdentityProvider::GetS3ExpressIdentity(const s
     return identity;
 }
 
+S3ExpressIdentity DefaultS3ExpressIdentityProvider::GetS3ExpressIdentity(Aws::Auth::CredentialsResolutionContext& context, const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) {
+    AWS_UNREFERENCED_PARAM(context);
+    return GetS3ExpressIdentity(serviceSpecificParameters);
+}
+
 Aws::S3Crt::DefaultAsyncS3ExpressIdentityProvider::DefaultAsyncS3ExpressIdentityProvider(
     const S3CrtClient &s3Client,
     std::chrono::minutes refreshPeriod) :
@@ -192,6 +197,11 @@ S3ExpressIdentity DefaultAsyncS3ExpressIdentityProvider::GetS3ExpressIdentity(co
     return identity;
 }
 
+S3ExpressIdentity DefaultAsyncS3ExpressIdentityProvider::GetS3ExpressIdentity(Aws::Auth::CredentialsResolutionContext& context, const std::shared_ptr<ServiceSpecificParameters> &serviceSpecificParameters) {
+    AWS_UNREFERENCED_PARAM(context);
+    return GetS3ExpressIdentity(serviceSpecificParameters);
+}
+
 void DefaultAsyncS3ExpressIdentityProvider::threadSafeKeyEmpty() {
     std::lock_guard<std::mutex> lock(m_keysUsedMutex);
     m_keysUsed.clear();
diff --git a/generated/src/aws-cpp-sdk-s3-crt/source/S3ExpressSigner.cpp b/generated/src/aws-cpp-sdk-s3-crt/source/S3ExpressSigner.cpp
@@ -1,4 +1,4 @@
-﻿/**
+/**
  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
  * SPDX-License-Identifier: Apache-2.0.
  */
@@ -95,3 +95,8 @@ Aws::Auth::AWSCredentials S3ExpressSigner::GetCredentials(const std::shared_ptr<
     auto identity = m_S3ExpressIdentityProvider->GetS3ExpressIdentity(serviceSpecificParameters);
     return {identity.getAccessKeyId(), identity.getSecretKeyId()};
 }
+
+Aws::Auth::AWSCredentials S3ExpressSigner::GetCredentials(Aws::Auth::CredentialsResolutionContext& context, const std::shared_ptr<Aws::Http::ServiceSpecificParameters> &serviceSpecificParameters) const {
+    auto identity = m_S3ExpressIdentityProvider->GetS3ExpressIdentity(context, serviceSpecificParameters);
+    return {identity.getAccessKeyId(), identity.getSecretKeyId()};
+}
diff --git a/src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentialsProvider.h b/src/aws-cpp-sdk-core/include/aws/core/auth/AWSCredentialsProvider.h
@@ -218,6 +218,11 @@ namespace Aws
             * Retrieves the credentials if found, otherwise returns empty credential set.
             */
             AWSCredentials GetAWSCredentials() override;
+            
+            /**
+            * Context-based interface that adds profile credential tracking.
+            */
+            AWSCredentials GetAWSCredentials(CredentialsResolutionContext& context) override;
 
             /**
              * Returns the fullpath of the calculated credentials profile file
@@ -271,6 +276,11 @@ namespace Aws
             * Retrieves the credentials if found, otherwise returns empty credential set.
             */
             AWSCredentials GetAWSCredentials() override;
+            
+            /**
+            * Context-based interface that adds instance profile credential tracking.
+            */
+            AWSCredentials GetAWSCredentials(CredentialsResolutionContext& context) override;
 
         protected:
             void Reload() override;
diff --git a/src/aws-cpp-sdk-core/include/aws/core/client/UserAgent.h b/src/aws-cpp-sdk-core/include/aws/core/client/UserAgent.h
@@ -33,6 +33,8 @@ enum class UserAgentFeature {
   RESOLVED_ACCOUNT_ID,
   GZIP_REQUEST_COMPRESSION,
   CREDENTIALS_ENV_VARS,
+  CREDENTIALS_IMDS,
+  CREDENTIALS_PROFILE,
 };
 
 class AWS_CORE_API UserAgent {
diff --git a/src/aws-cpp-sdk-core/source/auth/AWSCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/AWSCredentialsProvider.cpp
@@ -212,6 +212,14 @@ AWSCredentials ProfileConfigFileAWSCredentialsProvider::GetAWSCredentials()
     return AWSCredentials();
 }
 
+AWSCredentials ProfileConfigFileAWSCredentialsProvider::GetAWSCredentials(CredentialsResolutionContext& context)
+{
+    AWSCredentials credentials = GetAWSCredentials();
+    if (!credentials.IsEmpty()) {
+        context.AddUserAgentFeature(Aws::Client::UserAgentFeature::CREDENTIALS_PROFILE);
+    }
+    return credentials;
+}
 
 void ProfileConfigFileAWSCredentialsProvider::Reload()
 {
@@ -281,6 +289,15 @@ AWSCredentials InstanceProfileCredentialsProvider::GetAWSCredentials()
     return AWSCredentials();
 }
 
+AWSCredentials InstanceProfileCredentialsProvider::GetAWSCredentials(CredentialsResolutionContext& context)
+{
+    AWSCredentials credentials = GetAWSCredentials();
+    if (!credentials.IsEmpty()) {
+        context.AddUserAgentFeature(Aws::Client::UserAgentFeature::CREDENTIALS_IMDS);
+    }
+    return credentials;
+}
+
 bool InstanceProfileCredentialsProvider::ExpiresSoon() const
 {
     auto profileIter = m_ec2MetadataConfigLoader->GetProfiles().find(Aws::Config::INSTANCE_PROFILE_KEY);
diff --git a/src/aws-cpp-sdk-core/source/auth/signer/AWSAuthV4Signer.cpp b/src/aws-cpp-sdk-core/source/auth/signer/AWSAuthV4Signer.cpp
@@ -338,7 +338,7 @@ bool AWSAuthV4Signer::SignRequest(Aws::Http::HttpRequest& request, const char* r
 {
     Aws::Auth::CredentialsResolutionContext context;
     AWSCredentials credentials = GetCredentials(context, request.GetServiceSpecificParameters());
-    
+
     // Update User-Agent with credential tracking features from context
     UpdateUserAgentWithCredentialFeatures(request, context);
     
diff --git a/src/aws-cpp-sdk-core/source/client/UserAgent.cpp b/src/aws-cpp-sdk-core/source/client/UserAgent.cpp
@@ -43,6 +43,8 @@ const std::pair<UserAgentFeature, const char*> BUSINESS_METRIC_MAPPING[] = {
     {UserAgentFeature::RESOLVED_ACCOUNT_ID, "T"},
     {UserAgentFeature::GZIP_REQUEST_COMPRESSION, "L"},
     {UserAgentFeature::CREDENTIALS_ENV_VARS, "g"},
+    {UserAgentFeature::CREDENTIALS_IMDS, "0"},
+    {UserAgentFeature::CREDENTIALS_PROFILE, "n"},
 };
 
 Aws::String BusinessMetricForFeature(UserAgentFeature feature) {

Original file line number	Diff line number	Diff line change
`@@ -338,7 +338,7 @@ bool AWSAuthV4Signer::SignRequest(Aws::Http::HttpRequest& request, const char* r`
`338`	`338`	`{`
`339`	`339`	`Aws::Auth::CredentialsResolutionContext context;`
`340`	`340`	`AWSCredentials credentials = GetCredentials(context, request.GetServiceSpecificParameters());`
`341`		`-`
	`341`	`+`
`342`	`342`	`// Update User-Agent with credential tracking features from context`
`343`	`343`	`UpdateUserAgentWithCredentialFeatures(request, context);`
`344`	`344`