Add account ID to resolved SSO session credentials (#5592)

davidh44 · web-flow · commit a7ddf54d406b · 2024-09-12T21:10:59.000Z
diff --git a/services/sso/src/main/java/software/amazon/awssdk/services/sso/auth/SsoCredentialsProvider.java b/services/sso/src/main/java/software/amazon/awssdk/services/sso/auth/SsoCredentialsProvider.java
@@ -111,6 +111,7 @@ private SessionCredentialsHolder getUpdatedCredentials(SsoClient ssoClient) {
                                                                         .accessKeyId(roleCredentials.accessKeyId())
                                                                         .secretAccessKey(roleCredentials.secretAccessKey())
                                                                         .sessionToken(roleCredentials.sessionToken())
+                                                                        .accountId(request.accountId())
                                                                         .providerName(PROVIDER_NAME)
                                                                         .build();
         return new SessionCredentialsHolder(sessionCredentials, Instant.ofEpochMilli(roleCredentials.expiration()));
diff --git a/services/sso/src/test/java/software/amazon/awssdk/services/sso/auth/SsoCredentialsProviderTest.java b/services/sso/src/test/java/software/amazon/awssdk/services/sso/auth/SsoCredentialsProviderTest.java
@@ -90,7 +90,10 @@ public void distantExpiringCredentialsUpdatedInBackground_OverridePrefetchAndSta
 
 
     private GetRoleCredentialsRequestSupplier getRequestSupplier() {
-        return new GetRoleCredentialsRequestSupplier(GetRoleCredentialsRequest.builder().build(), "cachedToken");
+        return new GetRoleCredentialsRequestSupplier(GetRoleCredentialsRequest.builder()
+                                                                              .accountId("123456789")
+                                                                              .build(),
+                                                     "cachedToken");
     }
 
     private GetRoleCredentialsResponse getResponse(RoleCredentials roleCredentials) {
@@ -134,6 +137,7 @@ private void callClientWithCredentialsProvider(Instant credentialsExpirationDate
                 assertThat(actualCredentials.secretAccessKey()).isEqualTo("b");
                 assertThat(actualCredentials.sessionToken()).isEqualTo("c");
                 assertThat(actualCredentials.providerName()).isPresent().contains("SsoCredentialsProvider");
+                assertThat(actualCredentials.accountId()).isPresent().contains("123456789");
             }
         }
 

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,10 @@ public void distantExpiringCredentialsUpdatedInBackground_OverridePrefetchAndSta`
`90`	`90`
`91`	`91`
`92`	`92`	`private GetRoleCredentialsRequestSupplier getRequestSupplier() {`
`93`		`- return new GetRoleCredentialsRequestSupplier(GetRoleCredentialsRequest.builder().build(), "cachedToken");`
	`93`	`+ return new GetRoleCredentialsRequestSupplier(GetRoleCredentialsRequest.builder()`
	`94`	`+ .accountId("123456789")`
	`95`	`+ .build(),`
	`96`	`+ "cachedToken");`
`94`	`97`	`}`
`95`	`98`
`96`	`99`	`private GetRoleCredentialsResponse getResponse(RoleCredentials roleCredentials) {`
`@@ -134,6 +137,7 @@ private void callClientWithCredentialsProvider(Instant credentialsExpirationDate`
`134`	`137`	`assertThat(actualCredentials.secretAccessKey()).isEqualTo("b");`
`135`	`138`	`assertThat(actualCredentials.sessionToken()).isEqualTo("c");`
`136`	`139`	`assertThat(actualCredentials.providerName()).isPresent().contains("SsoCredentialsProvider");`
	`140`	`+ assertThat(actualCredentials.accountId()).isPresent().contains("123456789");`
`137`	`141`	`}`
`138`	`142`	`}`
`139`	`143`