diff --git a/packages/core/src/submodules/client/index.ts b/packages/core/src/submodules/client/index.ts index 1a2cc9d139ff..492c6cdda988 100644 --- a/packages/core/src/submodules/client/index.ts +++ b/packages/core/src/submodules/client/index.ts @@ -1,3 +1,4 @@ export * from "./emitWarningIfUnsupportedVersion"; export * from "./setCredentialFeature"; export * from "./setFeature"; +export * from "./setTokenFeature"; diff --git a/packages/core/src/submodules/client/setTokenFeature.spec.ts b/packages/core/src/submodules/client/setTokenFeature.spec.ts new file mode 100644 index 000000000000..08424ec6ba4a --- /dev/null +++ b/packages/core/src/submodules/client/setTokenFeature.spec.ts @@ -0,0 +1,17 @@ +import { AttributedTokenIdentity } from "@aws-sdk/types"; +import { describe, expect, test as it } from "vitest"; + +import { setTokenFeature } from "./setTokenFeature"; + +describe(setTokenFeature.name, () => { + it("should create the data path if it does't exist", () => { + const token = { token: "" } as AttributedTokenIdentity; + + expect(setTokenFeature(token, "BEARER_SERVICE_ENV_VARS", "3")).toEqual({ + token: "", + $source: { + BEARER_SERVICE_ENV_VARS: "3", + }, + }); + }); +}); diff --git a/packages/core/src/submodules/client/setTokenFeature.ts b/packages/core/src/submodules/client/setTokenFeature.ts new file mode 100644 index 000000000000..b22e64c9d65e --- /dev/null +++ b/packages/core/src/submodules/client/setTokenFeature.ts @@ -0,0 +1,18 @@ +import type { AttributedTokenIdentity, AwsSdkTokenFeatures } from "@aws-sdk/types"; + +/** + * @internal + * + * @returns the token with source feature attribution. + */ +export function setTokenFeature( + token: AttributedTokenIdentity, + feature: F, + value: AwsSdkTokenFeatures[F] +): AttributedTokenIdentity { + if (!token.$source) { + token.$source = {}; + } + token.$source![feature] = value; + return token; +} diff --git a/packages/token-providers/src/fromEnvSigningName.spec.ts b/packages/token-providers/src/fromEnvSigningName.spec.ts index f570dfedba78..856c391f1af9 100644 --- a/packages/token-providers/src/fromEnvSigningName.spec.ts +++ b/packages/token-providers/src/fromEnvSigningName.spec.ts @@ -1,9 +1,9 @@ -import { getBearerTokenEnvKey } from "@aws-sdk/core"; +import { getBearerTokenEnvKey } from "@aws-sdk/core/httpAuthSchemes"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { fromEnvSigningName } from "./fromEnvSigningName"; -vi.mock("@aws-sdk/core"); +vi.mock("@aws-sdk/core/httpAuthSchemes"); describe(fromEnvSigningName.name, () => { const originalEnv = process.env; @@ -40,7 +40,12 @@ describe(fromEnvSigningName.name, () => { const mockBearerToken = "mock-bearer-token"; process.env[mockBearerTokenEnvKey] = mockBearerToken; const token = await fromEnvSigningName(mockInit)(); - expect(token).toEqual({ token: mockBearerToken }); + expect(token).toEqual({ + token: mockBearerToken, + $source: { + BEARER_SERVICE_ENV_VARS: "3", + }, + }); expect(getBearerTokenEnvKey).toHaveBeenCalledWith(mockInit.signingName); }); }); diff --git a/packages/token-providers/src/fromEnvSigningName.ts b/packages/token-providers/src/fromEnvSigningName.ts index c0a358bbaeed..a53939919f47 100644 --- a/packages/token-providers/src/fromEnvSigningName.ts +++ b/packages/token-providers/src/fromEnvSigningName.ts @@ -1,5 +1,6 @@ -import { getBearerTokenEnvKey } from "@aws-sdk/core"; -import type { CredentialProviderOptions, TokenIdentityProvider } from "@aws-sdk/types"; +import { setTokenFeature } from "@aws-sdk/core/client"; +import { getBearerTokenEnvKey } from "@aws-sdk/core/httpAuthSchemes"; +import type { AttributedTokenIdentity, CredentialProviderOptions, TokenIdentityProvider } from "@aws-sdk/types"; import { TokenProviderError } from "@smithy/property-provider"; /** @@ -33,5 +34,8 @@ export const fromEnvSigningName = throw new TokenProviderError(`Token not present in '${bearerTokenKey}' environment variable`, { logger }); } - return { token: process.env[bearerTokenKey]! }; + const token = { token: process.env[bearerTokenKey]! } as AttributedTokenIdentity; + setTokenFeature(token, "BEARER_SERVICE_ENV_VARS", "3"); + + return token; }; diff --git a/packages/types/src/feature-ids.ts b/packages/types/src/feature-ids.ts index 6464a693651b..a62c25811a33 100644 --- a/packages/types/src/feature-ids.ts +++ b/packages/types/src/feature-ids.ts @@ -32,7 +32,8 @@ export type AwsSdkFeatures = Partial<{ FLEXIBLE_CHECKSUMS_RES_WHEN_REQUIRED: "c"; DDB_MAPPER: "d"; }> & - AwsSdkCredentialsFeatures; + AwsSdkCredentialsFeatures & + AwsSdkTokenFeatures; /** * @internal @@ -62,3 +63,10 @@ export type AwsSdkCredentialsFeatures = Partial<{ CREDENTIALS_HTTP: "z"; CREDENTIALS_IMDS: "0"; }>; + +/** + * @internal + */ +export type AwsSdkTokenFeatures = Partial<{ + BEARER_SERVICE_ENV_VARS: "3"; +}>; diff --git a/packages/types/src/identity/TokenIdentity.ts b/packages/types/src/identity/TokenIdentity.ts index 66301bc706c5..0b60067d15da 100644 --- a/packages/types/src/identity/TokenIdentity.ts +++ b/packages/types/src/identity/TokenIdentity.ts @@ -1 +1,13 @@ +import type { TokenIdentity } from "@smithy/types"; + +import type { AwsSdkTokenFeatures } from "../feature-ids"; export { TokenIdentity, TokenIdentityProvider } from "@smithy/types"; + +/** + * @public + * + * TokenIdentity with source attribution metadata. + */ +export type AttributedTokenIdentity = TokenIdentity & { + $source?: AwsSdkTokenFeatures; +};