Address PR feedback

Author: S-Saranya1

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ChildProfileCredentialsProviderFactory.java

@@ -25,7 +25,6 @@
  * provider via the 'software.amazon.awssdk.services.sts.internal.StsProfileCredentialsProviderFactory', assuming STS is on the
  * classpath.
  */
-@FunctionalInterface
 @SdkProtectedApi
 public interface ChildProfileCredentialsProviderFactory {
     /**
@@ -41,7 +40,10 @@ public interface ChildProfileCredentialsProviderFactory {
      * @return The credentials provider with permissions derived from the source credentials provider and profile.
      */
     default AwsCredentialsProvider create(AwsCredentialsProvider sourceCredentialsProvider, Profile profile) {
-        ChildProfileCredentialsRequest request = new ChildProfileCredentialsRequest(sourceCredentialsProvider, profile, null);
+        ChildProfileCredentialsRequest request = ChildProfileCredentialsRequest.builder()
+            .sourceCredentialsProvider(sourceCredentialsProvider)
+            .profile(profile)
+            .build();
         return create(request);
     }
 
@@ -54,19 +56,23 @@ default AwsCredentialsProvider create(AwsCredentialsProvider sourceCredentialsPr
      * @param request The request containing all parameters needed to create the child credentials provider.
      * @return The credentials provider with permissions derived from the request parameters.
      */
-    AwsCredentialsProvider create(ChildProfileCredentialsRequest request);
+    default AwsCredentialsProvider create(ChildProfileCredentialsRequest request) {
+        throw new UnsupportedOperationException();
+    }
 
     final class ChildProfileCredentialsRequest {
         private final AwsCredentialsProvider sourceCredentialsProvider;
         private final Profile profile;
         private final String sourceFeatureId;
 
-        public ChildProfileCredentialsRequest(AwsCredentialsProvider sourceCredentialsProvider, 
-                                            Profile profile, 
-                                            String sourceFeatureId) {
-            this.sourceCredentialsProvider = sourceCredentialsProvider;
-            this.profile = profile;
-            this.sourceFeatureId = sourceFeatureId;
+        private ChildProfileCredentialsRequest(Builder builder) {
+            this.sourceCredentialsProvider = builder.sourceCredentialsProvider;
+            this.profile = builder.profile;
+            this.sourceFeatureId = builder.sourceFeatureId;
+        }
+
+        public static Builder builder() {
+            return new Builder();
         }
 
         public AwsCredentialsProvider sourceCredentialsProvider() {
@@ -80,5 +86,30 @@ public Profile profile() {
         public String sourceFeatureId() {
             return sourceFeatureId;
         }
+
+        public static final class Builder {
+            private AwsCredentialsProvider sourceCredentialsProvider;
+            private Profile profile;
+            private String sourceFeatureId;
+
+            public Builder sourceCredentialsProvider(AwsCredentialsProvider sourceCredentialsProvider) {
+                this.sourceCredentialsProvider = sourceCredentialsProvider;
+                return this;
+            }
+
+            public Builder profile(Profile profile) {
+                this.profile = profile;
+                return this;
+            }
+
+            public Builder sourceFeatureId(String sourceFeatureId) {
+                this.sourceFeatureId = sourceFeatureId;
+                return this;
+            }
+
+            public ChildProfileCredentialsRequest build() {
+                return new ChildProfileCredentialsRequest(this);
+            }
+        }
     }
 }

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.java

@@ -106,7 +106,7 @@ private ContainerCredentialsProvider(BuilderImpl builder) {
         this.providerName = StringUtils.isEmpty(builder.sourceFeatureId)
             ? PROVIDER_NAME 
             : builder.sourceFeatureId + "," + PROVIDER_NAME;
-        this.httpCredentialsLoader = HttpCredentialsLoader.create(providerName());
+        this.httpCredentialsLoader = HttpCredentialsLoader.create(this.providerName);
 
         if (Boolean.TRUE.equals(builder.asyncCredentialUpdateEnabled)) {
             Validate.paramNotBlank(builder.asyncThreadName, "asyncThreadName");
@@ -168,10 +168,6 @@ private Instant prefetchTime(Instant expiration) {
         return ComparableUtils.minimum(oneHourFromNow, fifteenMinutesBeforeExpiration);
     }
 
-    private String providerName() {
-        return this.providerName;
-    }
-
     @Override
     public AwsCredentials resolveCredentials() {
         return credentialsCache.get();

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/HttpCredentialsProvider.java

@@ -16,7 +16,6 @@
 package software.amazon.awssdk.auth.credentials;
 
 import software.amazon.awssdk.annotations.SdkPublicApi;
-import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
 import software.amazon.awssdk.utils.SdkAutoCloseable;
 
 /**
@@ -50,8 +49,7 @@ interface Builder<TypeToBuildT extends HttpCredentialsProvider, BuilderT extends
         BuilderT endpoint(String endpoint);
 
         /**
-         * An optional string list of {@link BusinessMetricFeatureId} denoting previous credentials providers
-         * that are chained with this one.
+         * An optional string denoting previous credentials providers that are chained with this one.
          * <p><b>Note:</b> This method is primarily intended for use by AWS SDK internal components
          * and should not be used directly by external users.</p>
          */

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.java

@@ -113,7 +113,7 @@ private InstanceProfileCredentialsProvider(BuilderImpl builder) {
             ? PROVIDER_NAME 
             : builder.sourceFeatureId + "," + PROVIDER_NAME;
 
-        this.httpCredentialsLoader = HttpCredentialsLoader.create(providerName());
+        this.httpCredentialsLoader = HttpCredentialsLoader.create(this.providerName);
         this.configProvider =
             Ec2MetadataConfigProvider.builder()
                                      .profileFile(profileFile)
@@ -212,10 +212,6 @@ public void close() {
         credentialsCache.close();
     }
 
-    private String providerName() {
-        return this.providerName;
-    }
-
     @Override
     public String toString() {
         return ToString.create(CLASS_NAME);

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/ProcessCredentialsProvider.java

@@ -181,10 +181,6 @@ private JsonNode parseProcessOutput(String processOutput) {
         return credentialsJson;
     }
 
-    private String providerName() {
-        return this.providerName;
-    }
-
     /**
      * Parse the process output to retrieve the credentials.
      */
@@ -206,13 +202,13 @@ private AwsCredentials credentials(JsonNode credentialsJson) {
                                     .sessionToken(sessionToken)
                                     .expirationTime(credentialExpirationTime(credentialsJson))
                                     .accountId(resolvedAccountId)
-                                    .providerName(providerName())
+                                    .providerName(this.providerName)
                                     .build() :
                AwsBasicCredentials.builder()
                                   .accessKeyId(accessKeyId)
                                   .secretAccessKey(secretAccessKey)
                                   .accountId(resolvedAccountId)
-                                  .providerName(providerName())
+                                  .providerName(this.providerName)
                                   .build();
     }
 

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/ProfileCredentialsUtils.java

@@ -109,16 +109,27 @@ public Optional<AwsCredentialsProvider> credentialsProvider() {
      * @param children The child profiles that source credentials from this profile.
      */
     private Optional<AwsCredentialsProvider> credentialsProvider(Set<String> children) {
+        return credentialsProviderWithMetrics(children).map(ProviderWithMetrics::provider);
+    }
+
+    /**
+     * Internal method that returns both the credentials provider and its business metrics.
+     */
+    private Optional<ProviderWithMetrics> credentialsProviderWithMetrics(Set<String> children) {
         if (properties.containsKey(ProfileProperty.ROLE_ARN) && properties.containsKey(ProfileProperty.WEB_IDENTITY_TOKEN_FILE)) {
-            return Optional.ofNullable(roleAndWebIdentityTokenProfileCredentialsProvider());
+            return Optional.of(new ProviderWithMetrics(roleAndWebIdentityTokenProfileCredentialsProvider(),
+                    BusinessMetricFeatureId.CREDENTIALS_PROFILE_STS_WEB_ID_TOKEN.value()));
         }
 
         if (properties.containsKey(ProfileProperty.SSO_ROLE_NAME)
             || properties.containsKey(ProfileProperty.SSO_ACCOUNT_ID)
             || properties.containsKey(ProfileProperty.SSO_REGION)
             || properties.containsKey(ProfileProperty.SSO_START_URL)
             || properties.containsKey(ProfileSection.SSO_SESSION.getPropertyKeyName())) {
-            return Optional.ofNullable(ssoProfileCredentialsProvider());
+            boolean isLegacy = isLegacySsoConfiguration();
+            String featureId = isLegacy ? BusinessMetricFeatureId.CREDENTIALS_PROFILE_SSO_LEGACY.value()
+                                        : BusinessMetricFeatureId.CREDENTIALS_PROFILE_SSO.value();
+            return Optional.of(new ProviderWithMetrics(ssoProfileCredentialsProvider(), featureId));
         }
 
         if (properties.containsKey(ProfileProperty.ROLE_ARN)) {
@@ -138,15 +149,18 @@ private Optional<AwsCredentialsProvider> credentialsProvider(Set<String> childre
         }
 
         if (properties.containsKey(ProfileProperty.CREDENTIAL_PROCESS)) {
-            return Optional.ofNullable(credentialProcessCredentialsProvider());
+            return Optional.of(new ProviderWithMetrics(credentialProcessCredentialsProvider(),
+                    BusinessMetricFeatureId.CREDENTIALS_PROFILE_PROCESS.value()));
         }
 
         if (properties.containsKey(ProfileProperty.AWS_SESSION_TOKEN)) {
-            return Optional.of(sessionProfileCredentialsProvider());
+            return Optional.of(new ProviderWithMetrics(sessionProfileCredentialsProvider(), 
+                    BusinessMetricFeatureId.CREDENTIALS_PROFILE.value()));
         }
 
         if (properties.containsKey(ProfileProperty.AWS_ACCESS_KEY_ID)) {
-            return Optional.of(basicProfileCredentialsProvider());
+            return Optional.of(new ProviderWithMetrics(basicProfileCredentialsProvider(), 
+                    BusinessMetricFeatureId.CREDENTIALS_PROFILE.value()));
         }
 
         return Optional.empty();
@@ -250,53 +264,84 @@ private AwsCredentialsProvider roleAndWebIdentityTokenProfileCredentialsProvider
      *
      * @param children The child profiles that source credentials from this profile.
      */
-    private AwsCredentialsProvider roleAndSourceProfileBasedProfileCredentialsProvider(Set<String> children) {
+    private ProviderWithMetrics roleAndSourceProfileBasedProfileCredentialsProvider(Set<String> children) {
         requireProperties(ProfileProperty.SOURCE_PROFILE);
 
         Validate.validState(!children.contains(name),
                             "Invalid profile file: Circular relationship detected with profiles %s.", children);
         Validate.validState(credentialsSourceResolver != null,
-                            "The profile '%s' must be configured with a source profile in order to use assumed roles.", name);
+                            "The profile '%s' must be configured with a source profile in order to use assumed roles.",
+                            name);
 
         children.add(name);
-        AwsCredentialsProvider sourceCredentialsProvider =
-            credentialsSourceResolver.apply(properties.get(ProfileProperty.SOURCE_PROFILE))
-                                     .flatMap(p -> new ProfileCredentialsUtils(profileFile, p, credentialsSourceResolver)
-                                         .credentialsProvider(children))
-                                     .orElseThrow(this::noSourceCredentialsException);
-
-        String sourceFeatureId = BusinessMetricFeatureId.CREDENTIALS_PROFILE_SOURCE_PROFILE.value();
-        return createStsCredentialsProviderWithMetrics(sourceCredentialsProvider, sourceFeatureId);
+        Optional<ProviderWithMetrics> sourceResult = credentialsSourceResolver
+            .apply(properties.get(ProfileProperty.SOURCE_PROFILE))
+            .flatMap(p -> new ProfileCredentialsUtils(profileFile, p, credentialsSourceResolver)
+                .credentialsProviderWithMetrics(children));
+        
+        if (!sourceResult.isPresent()) {
+            throw noSourceCredentialsException();
+        }
+
+        ProviderWithMetrics source = sourceResult.get();
+        String profileMetric = BusinessMetricFeatureId.CREDENTIALS_PROFILE_SOURCE_PROFILE.value();
+        String combinedMetrics = profileMetric + "," + source.metrics();
+
+        AwsCredentialsProvider stsProvider = createStsCredentialsProviderWithMetrics(source.provider(), combinedMetrics);
+        return new ProviderWithMetrics(stsProvider, combinedMetrics);
     }
 
     /**
      * Load an assumed-role credentials provider that has been configured in this profile. This will attempt to locate the STS
      * module in order to generate the credentials provider. If it's not available, an illegal state exception will be raised.
      */
-    private AwsCredentialsProvider roleAndCredentialSourceBasedProfileCredentialsProvider() {
+    private ProviderWithMetrics roleAndCredentialSourceBasedProfileCredentialsProvider() {
         requireProperties(ProfileProperty.CREDENTIAL_SOURCE);
 
         CredentialSourceType credentialSource = CredentialSourceType.parse(properties.get(ProfileProperty.CREDENTIAL_SOURCE));
-        String profileSource = BusinessMetricFeatureId.CREDENTIALS_PROFILE_NAMED_PROVIDER.value();
-        AwsCredentialsProvider credentialsProvider = credentialSourceCredentialProvider(credentialSource);
+        String profileMetric = BusinessMetricFeatureId.CREDENTIALS_PROFILE_NAMED_PROVIDER.value();
+        ProviderWithMetrics sourceResult = credentialSourceCredentialProviderWithMetrics(credentialSource);
+        
+        String combinedMetrics = profileMetric + "," + sourceResult.metrics();
+        AwsCredentialsProvider stsProvider = createStsCredentialsProviderWithMetrics(sourceResult.provider(), combinedMetrics);
+        return new ProviderWithMetrics(stsProvider, combinedMetrics);
+    }
 
-        return createStsCredentialsProviderWithMetrics(credentialsProvider, profileSource);
+    /**
+     * Helper method to create STS credentials provider with business metrics.
+     */
+    private AwsCredentialsProvider createStsCredentialsProviderWithMetrics(AwsCredentialsProvider sourceProvider,
+                                                                           String combinedMetrics) {
+        ChildProfileCredentialsProviderFactory.ChildProfileCredentialsRequest request =
+            ChildProfileCredentialsProviderFactory.ChildProfileCredentialsRequest.builder()
+                .sourceCredentialsProvider(sourceProvider)
+                .profile(profile)
+                .sourceFeatureId(combinedMetrics)
+                .build();
+        
+        return stsCredentialsProviderFactory().create(request);
     }
 
-    private AwsCredentialsProvider credentialSourceCredentialProvider(CredentialSourceType credentialSource) {
+    private ProviderWithMetrics credentialSourceCredentialProviderWithMetrics(CredentialSourceType credentialSource) {
         switch (credentialSource) {
             case ECS_CONTAINER:
-                return ContainerCredentialsProvider.builder().build();
+                return new ProviderWithMetrics(
+                    ContainerCredentialsProvider.builder().build(),
+                    BusinessMetricFeatureId.CREDENTIALS_HTTP.value());
             case EC2_INSTANCE_METADATA:
-                return InstanceProfileCredentialsProvider.builder()
-                                                         .profileFile(profileFile)
-                                                         .profileName(name)
-                                                         .build();
+                return new ProviderWithMetrics(
+                    InstanceProfileCredentialsProvider.builder()
+                                                     .profileFile(profileFile)
+                                                     .profileName(name)
+                                                     .build(),
+                    BusinessMetricFeatureId.CREDENTIALS_IMDS.value());
             case ENVIRONMENT:
-                return AwsCredentialsProviderChain.builder()
-                    .addCredentialsProvider(SystemPropertyCredentialsProvider.create())
-                    .addCredentialsProvider(EnvironmentVariableCredentialsProvider.create())
-                    .build();
+                return new ProviderWithMetrics(
+                    AwsCredentialsProviderChain.builder()
+                        .addCredentialsProvider(SystemPropertyCredentialsProvider.create())
+                        .addCredentialsProvider(EnvironmentVariableCredentialsProvider.create())
+                        .build(),
+                    BusinessMetricFeatureId.CREDENTIALS_ENV_VARS.value());
             default:
                 throw noSourceCredentialsException();
         }
@@ -318,36 +363,24 @@ private IllegalStateException noSourceCredentialsException() {
     }
 
     /**
-     * Extract business metrics from a credentials provider by resolving credentials and checking the provider name.
-     * This is used to propagate business metrics from source credentials to assume role operations.
+     * Simple data class to hold both a credentials provider and its business metrics.
      */
-    private String extractBusinessMetricsFromProvider(AwsCredentialsProvider credentialsProvider) {
-        try {
-            AwsCredentials credentials = credentialsProvider.resolveCredentials();
-            return credentials.providerName().orElse(null);
-        } catch (Exception e) {
-            return null;
-        }
-    }
+    private static final class ProviderWithMetrics {
+        private final AwsCredentialsProvider provider;
+        private final String metrics;
 
-    /**
-     * Helper method to create STS credentials provider with business metrics propagation.
-     * This method extracts business metrics from the source credentials provider and combines them
-     * with the profile-level business metrics before creating the STS credentials provider.
-     */
-    private AwsCredentialsProvider createStsCredentialsProviderWithMetrics(AwsCredentialsProvider sourceCredentialsProvider,
-                                                                           String profileMetric) {
-        String sourceMetrics = extractBusinessMetricsFromProvider(sourceCredentialsProvider);
+        ProviderWithMetrics(AwsCredentialsProvider provider, String metrics) {
+            this.provider = provider;
+            this.metrics = metrics;
+        }
 
-        String combinedSource = profileMetric;
-        if (sourceMetrics != null && !sourceMetrics.isEmpty()) {
-            combinedSource = profileMetric + "," + sourceMetrics;
+        AwsCredentialsProvider provider() {
+            return provider;
         }
 
-        ChildProfileCredentialsProviderFactory.ChildProfileCredentialsRequest request =
-            new ChildProfileCredentialsProviderFactory
-                .ChildProfileCredentialsRequest(sourceCredentialsProvider, profile, combinedSource);
-        return stsCredentialsProviderFactory().create(request);
+        String metrics() {
+            return metrics;
+        }
     }
 
     /**