Refactor CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN business metrics out of StsWebIdentityCredentialsProvider

0marperez · 0marperez · commit d7ba2b9ac3ce · 2024-10-17T15:10:49.000-04:00
diff --git a/aws-runtime/aws-config/api/aws-config.api b/aws-runtime/aws-config/api/aws-config.api
@@ -98,8 +98,8 @@ public final class aws/sdk/kotlin/runtime/auth/credentials/InvalidSsoTokenExcept
 }
 
 public final class aws/sdk/kotlin/runtime/auth/credentials/LazilyInitializedCredentialsProvider : aws/smithy/kotlin/runtime/auth/awscredentials/CredentialsProvider {
-	public fun <init> (Ljava/lang/String;Lkotlin/jvm/functions/Function0;)V
-	public synthetic fun <init> (Ljava/lang/String;Lkotlin/jvm/functions/Function0;ILkotlin/jvm/internal/DefaultConstructorMarker;)V
+	public fun <init> (Ljava/lang/String;Laws/smithy/kotlin/runtime/operation/ExecutionContext;Lkotlin/jvm/functions/Function0;)V
+	public synthetic fun <init> (Ljava/lang/String;Laws/smithy/kotlin/runtime/operation/ExecutionContext;Lkotlin/jvm/functions/Function0;ILkotlin/jvm/internal/DefaultConstructorMarker;)V
 	public fun resolve (Laws/smithy/kotlin/runtime/collections/Attributes;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
 	public fun toString ()Ljava/lang/String;
 }
@@ -203,7 +203,6 @@ public final class aws/sdk/kotlin/runtime/auth/credentials/StsWebIdentityCredent
 	public synthetic fun <init> (Laws/sdk/kotlin/runtime/auth/credentials/AssumeRoleWithWebIdentityParameters;Ljava/lang/String;Laws/smithy/kotlin/runtime/util/PlatformProvider;Laws/smithy/kotlin/runtime/http/engine/HttpClientEngine;ILkotlin/jvm/internal/DefaultConstructorMarker;)V
 	public synthetic fun <init> (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;JLaws/smithy/kotlin/runtime/util/PlatformProvider;Laws/smithy/kotlin/runtime/http/engine/HttpClientEngine;ILkotlin/jvm/internal/DefaultConstructorMarker;)V
 	public synthetic fun <init> (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;JLaws/smithy/kotlin/runtime/util/PlatformProvider;Laws/smithy/kotlin/runtime/http/engine/HttpClientEngine;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
-	public synthetic fun <init> (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;JLaws/smithy/kotlin/runtime/util/PlatformProvider;Laws/smithy/kotlin/runtime/http/engine/HttpClientEngine;ZLkotlin/jvm/internal/DefaultConstructorMarker;)V
 	public final fun getHttpClient ()Laws/smithy/kotlin/runtime/http/engine/HttpClientEngine;
 	public final fun getPlatformProvider ()Laws/smithy/kotlin/runtime/util/PlatformProvider;
 	public final fun getRegion ()Ljava/lang/String;
diff --git a/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/DefaultChainCredentialsProvider.kt b/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/DefaultChainCredentialsProvider.kt
@@ -7,13 +7,15 @@ package aws.sdk.kotlin.runtime.auth.credentials
 
 import aws.sdk.kotlin.runtime.config.AwsSdkSetting
 import aws.sdk.kotlin.runtime.config.imds.ImdsClient
+import aws.sdk.kotlin.runtime.http.interceptors.AwsBusinessMetric
 import aws.smithy.kotlin.runtime.auth.awscredentials.*
+import aws.smithy.kotlin.runtime.businessmetrics.BusinessMetrics
 import aws.smithy.kotlin.runtime.collections.Attributes
-import aws.smithy.kotlin.runtime.collections.get
 import aws.smithy.kotlin.runtime.http.engine.DefaultHttpEngine
 import aws.smithy.kotlin.runtime.http.engine.HttpClientEngine
 import aws.smithy.kotlin.runtime.io.Closeable
 import aws.smithy.kotlin.runtime.io.closeIfCloseable
+import aws.smithy.kotlin.runtime.operation.ExecutionContext
 import aws.smithy.kotlin.runtime.util.PlatformProvider
 
 /**
@@ -53,7 +55,12 @@ public class DefaultChainCredentialsProvider constructor(
     private val chain = CredentialsProviderChain(
         SystemPropertyCredentialsProvider(platformProvider::getProperty),
         EnvironmentCredentialsProvider(platformProvider::getenv),
-        LazilyInitializedCredentialsProvider("EnvironmentStsWebIdentityCredentialsProvider") {
+        LazilyInitializedCredentialsProvider(
+            "EnvironmentStsWebIdentityCredentialsProvider",
+            ExecutionContext.build {
+                attributes[BusinessMetrics] = mutableSetOf(AwsBusinessMetric.Credentials.CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN.identifier)
+            },
+        ) {
             // STS web identity provider can be constructed from either the profile OR 100% from the environment
             StsWebIdentityCredentialsProvider.fromEnvironment(
                 platformProvider = platformProvider,
diff --git a/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/LazilyInitializedCredentialsProvider.kt b/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/LazilyInitializedCredentialsProvider.kt
@@ -2,23 +2,36 @@ package aws.sdk.kotlin.runtime.auth.credentials
 
 import aws.smithy.kotlin.runtime.auth.awscredentials.Credentials
 import aws.smithy.kotlin.runtime.auth.awscredentials.CredentialsProvider
+import aws.smithy.kotlin.runtime.businessmetrics.BusinessMetrics
+import aws.smithy.kotlin.runtime.businessmetrics.mergeBusinessMetrics
 import aws.smithy.kotlin.runtime.collections.Attributes
+import aws.smithy.kotlin.runtime.collections.MutableAttributes
+import aws.smithy.kotlin.runtime.collections.mergeExcept
+import aws.smithy.kotlin.runtime.operation.ExecutionContext
 
 /**
  * A [CredentialsProvider] implementation that delays the initialization of the underlying provider until
  * the first call to [resolve]. This is useful when the initialization of the credentials provider is expensive
  * or should be deferred until credentials are actually needed.
  *
  * @param providerName The name of the credentials provider that is being wrapped. Will default to "LazilyInitializedCredentialsProvider".
+ * @param executionContext Additional execution context to use when resolving credentials. Will default to an empty execution context.
  * @param initializer A lambda function that provides the actual [CredentialsProvider] to be initialized lazily.
  */
 public class LazilyInitializedCredentialsProvider(
     private val providerName: String = "LazilyInitializedCredentialsProvider",
+    private val executionContext: ExecutionContext = ExecutionContext(),
     initializer: () -> CredentialsProvider,
 ) : CredentialsProvider {
     private val provider = lazy(initializer)
 
-    override suspend fun resolve(attributes: Attributes): Credentials = provider.value.resolve(attributes)
+    override suspend fun resolve(attributes: Attributes): Credentials {
+        if (attributes is MutableAttributes) {
+            attributes.mergeExcept(executionContext, exceptions = setOf(BusinessMetrics))
+            attributes.mergeBusinessMetrics(executionContext)
+        }
+        return provider.value.resolve(attributes)
+    }
 
     override fun toString(): String = providerName
 }
diff --git a/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/StsWebIdentityCredentialsProvider.kt b/aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/StsWebIdentityCredentialsProvider.kt
@@ -44,10 +44,6 @@ public class StsWebIdentityCredentialsProvider(
     public val platformProvider: PlatformProvider = PlatformProvider.System,
     public val httpClient: HttpClientEngine? = null,
 ) : CredentialsProvider {
-    /**
-     * Indicates if the class was created using [fromEnvironment]
-     */
-    private var createdFromEnvironment: Boolean = false
 
     /**
      * A [CredentialsProvider] that exchanges a Web Identity Token for credentials from the AWS Security Token Service
@@ -85,46 +81,6 @@ public class StsWebIdentityCredentialsProvider(
         httpClient,
     )
 
-    /**
-     * A [CredentialsProvider] that exchanges a Web Identity Token for credentials from the AWS Security Token Service
-     * (STS).
-     *
-     * @param roleArn The ARN of the target role to assume, e.g. `arn:aws:iam:123456789:role/example`
-     * @param webIdentityTokenFilePath The path to the file containing a JWT token
-     * @param region The AWS region to assume the role in
-     * @param roleSessionName The name to associate with the session. Use the role session name to uniquely identify a
-     * session when the same role is assumed by different principals or for different reasons. In cross-account
-     * scenarios, the role session name is visible to, and can be logged by the account that owns the role. The role
-     * session name is also in the ARN of the assumed role principal.
-     * @param duration The expiry duration of the credentials. Defaults to 15 minutes if not set.
-     * @param platformProvider The platform API provider
-     * @param httpClient the [HttpClientEngine] instance to use to make requests. NOTE: This engine's resources and
-     * lifetime are NOT managed by the provider. Caller is responsible for closing.
-     * @param createdFromEnvironment If the [StsWebIdentityCredentialsProvider] was created using [fromEnvironment].
-     */
-    private constructor(
-        roleArn: String,
-        webIdentityTokenFilePath: String,
-        region: String?,
-        roleSessionName: String? = null,
-        duration: Duration = DEFAULT_CREDENTIALS_REFRESH_SECONDS.seconds,
-        platformProvider: PlatformProvider = PlatformProvider.System,
-        httpClient: HttpClientEngine? = null,
-        createdFromEnvironment: Boolean,
-    ) : this(
-        AssumeRoleWithWebIdentityParameters(
-            roleArn = roleArn,
-            webIdentityTokenFilePath = webIdentityTokenFilePath,
-            roleSessionName = roleSessionName,
-            duration = duration,
-        ),
-        region,
-        platformProvider,
-        httpClient,
-    ) {
-        this.createdFromEnvironment = createdFromEnvironment
-    }
-
     public companion object {
         /**
          * Create an [StsWebIdentityCredentialsProvider] from the current execution environment. This will attempt
@@ -143,26 +99,14 @@ public class StsWebIdentityCredentialsProvider(
             val resolvedRoleArn = platformProvider.resolve(roleArn, AwsSdkSetting.AwsRoleArn, "roleArn")
             val resolvedTokenFilePath = platformProvider.resolve(webIdentityTokenFilePath, AwsSdkSetting.AwsWebIdentityTokenFile, "webIdentityTokenFilePath")
             val resolvedRegion = region ?: AwsSdkSetting.AwsRegion.resolve(platformProvider)
-            return StsWebIdentityCredentialsProvider(
-                resolvedRoleArn,
-                resolvedTokenFilePath,
-                resolvedRegion,
-                roleSessionName,
-                duration,
-                platformProvider,
-                httpClient,
-                createdFromEnvironment = true,
-            )
+            return StsWebIdentityCredentialsProvider(resolvedRoleArn, resolvedTokenFilePath, resolvedRegion, roleSessionName, duration, platformProvider, httpClient)
         }
     }
 
     override suspend fun resolve(attributes: Attributes): Credentials {
         val logger = coroutineContext.logger<StsAssumeRoleCredentialsProvider>()
         logger.debug { "retrieving assumed credentials via web identity" }
 
-        if (createdFromEnvironment) {
-            attributes.emitBusinessMetric(AwsBusinessMetric.Credentials.CREDENTIALS_ENV_VARS_STS_WEB_ID_TOKEN)
-        }
         attributes.emitBusinessMetric(AwsBusinessMetric.Credentials.CREDENTIALS_STS_ASSUME_ROLE_WEB_ID)
 
         val provider = this
