Feature IDs implem for SSO Creds

Author: S-Saranya1

core/auth/src/main/java/software/amazon/awssdk/auth/credentials/internal/ProfileCredentialsUtils.java

@@ -261,7 +261,8 @@ private AwsCredentialsProvider roleAndSourceProfileBasedProfileCredentialsProvid
                                          .credentialsProvider(children))
                                      .orElseThrow(this::noSourceCredentialsException);
 
-        return stsCredentialsProviderFactory().create(sourceCredentialsProvider, profile);
+        String source = BusinessMetricFeatureId.CREDENTIALS_PROFILE_SOURCE_PROFILE.value();
+        return stsCredentialsProviderFactory().create(sourceCredentialsProvider, profile, source);
     }
 
     /**

services/sso/src/main/java/software/amazon/awssdk/services/sso/auth/SsoCredentialsProvider.java

@@ -25,11 +25,13 @@
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
 import software.amazon.awssdk.services.sso.SsoClient;
 import software.amazon.awssdk.services.sso.internal.SessionCredentialsHolder;
 import software.amazon.awssdk.services.sso.model.GetRoleCredentialsRequest;
 import software.amazon.awssdk.services.sso.model.RoleCredentials;
 import software.amazon.awssdk.utils.SdkAutoCloseable;
+import software.amazon.awssdk.utils.StringUtils;
 import software.amazon.awssdk.utils.builder.CopyableBuilder;
 import software.amazon.awssdk.utils.builder.ToCopyableBuilder;
 import software.amazon.awssdk.utils.cache.CachedSupplier;
@@ -51,14 +53,15 @@
 @SdkPublicApi
 public final class SsoCredentialsProvider implements AwsCredentialsProvider, SdkAutoCloseable,
                                                      ToCopyableBuilder<SsoCredentialsProvider.Builder, SsoCredentialsProvider> {
-    private static final String PROVIDER_NAME = "SsoCredentialsProvider";
+    private static final String PROVIDER_NAME = BusinessMetricFeatureId.CREDENTIALS_SSO.value();
 
     private static final Duration DEFAULT_STALE_TIME = Duration.ofMinutes(1);
     private static final Duration DEFAULT_PREFETCH_TIME = Duration.ofMinutes(5);
 
     private static final String ASYNC_THREAD_NAME = "sdk-sso-credentials-provider";
 
     private final Supplier<GetRoleCredentialsRequest> getRoleCredentialsRequestSupplier;
+    private final String source;
 
     private final SsoClient ssoClient;
     private final Duration staleTime;
@@ -77,6 +80,7 @@ private SsoCredentialsProvider(BuilderImpl builder) {
 
         this.staleTime = Optional.ofNullable(builder.staleTime).orElse(DEFAULT_STALE_TIME);
         this.prefetchTime = Optional.ofNullable(builder.prefetchTime).orElse(DEFAULT_PREFETCH_TIME);
+        this.source = builder.source;
 
         this.asyncCredentialUpdateEnabled = builder.asyncCredentialUpdateEnabled;
         CachedSupplier.Builder<SessionCredentialsHolder> cacheBuilder =
@@ -95,11 +99,11 @@ private SsoCredentialsProvider(BuilderImpl builder) {
      */
     private RefreshResult<SessionCredentialsHolder> updateSsoCredentials() {
         SessionCredentialsHolder credentials = getUpdatedCredentials(ssoClient);
-        Instant acutalTokenExpiration = credentials.sessionCredentialsExpiration();
+        Instant actualTokenExpiration = credentials.sessionCredentialsExpiration();
 
         return RefreshResult.builder(credentials)
-                            .staleTime(acutalTokenExpiration.minus(staleTime))
-                            .prefetchTime(acutalTokenExpiration.minus(prefetchTime))
+                            .staleTime(actualTokenExpiration.minus(staleTime))
+                            .prefetchTime(actualTokenExpiration.minus(prefetchTime))
                             .build();
     }
 
@@ -112,11 +116,19 @@ private SessionCredentialsHolder getUpdatedCredentials(SsoClient ssoClient) {
                                                                         .secretAccessKey(roleCredentials.secretAccessKey())
                                                                         .sessionToken(roleCredentials.sessionToken())
                                                                         .accountId(request.accountId())
-                                                                        .providerName(PROVIDER_NAME)
+                                                                        .providerName(providerName())
                                                                         .build();
         return new SessionCredentialsHolder(sessionCredentials, Instant.ofEpochMilli(roleCredentials.expiration()));
     }
 
+    private String providerName() {
+        String providerName = PROVIDER_NAME;
+        if (!StringUtils.isEmpty(this.source)) {
+            providerName = String.format("%s,%s", this.source, providerName);
+        }
+        return providerName;
+    }
+
     /**
      * The amount of time, relative to session token expiration, that the cached credentials are considered stale and
      * should no longer be used. All threads will block until the value is updated.
@@ -206,6 +218,12 @@ public interface Builder extends CopyableBuilder<Builder, SsoCredentialsProvider
          */
         Builder refreshRequest(Supplier<GetRoleCredentialsRequest> getRoleCredentialsRequestSupplier);
 
+        /**
+         * An optional string list of {@link software.amazon.awssdk.core.useragent.BusinessMetricFeatureId} denoting previous
+         * credentials providers that are chained with this one.
+         */
+        Builder source(String source);
+
         /**
          * Create a {@link SsoCredentialsProvider} using the configuration applied to this builder.
          * @return
@@ -220,6 +238,7 @@ protected static final class BuilderImpl implements Builder {
         private Duration staleTime;
         private Duration prefetchTime;
         private Supplier<GetRoleCredentialsRequest> getRoleCredentialsRequestSupplier;
+        private String source;
 
         BuilderImpl() {
 
@@ -231,6 +250,7 @@ public BuilderImpl(SsoCredentialsProvider provider) {
             this.staleTime = provider.staleTime;
             this.prefetchTime = provider.prefetchTime;
             this.getRoleCredentialsRequestSupplier = provider.getRoleCredentialsRequestSupplier;
+            this.source = provider.source;
         }
 
         @Override
@@ -268,6 +288,12 @@ public Builder refreshRequest(Supplier<GetRoleCredentialsRequest> getRoleCredent
             return this;
         }
 
+        @Override
+        public Builder source(String source) {
+            this.source = source;
+            return this;
+        }
+
         @Override
         public SsoCredentialsProvider build() {
             return new SsoCredentialsProvider(this);

services/sso/src/main/java/software/amazon/awssdk/services/sso/auth/SsoProfileCredentialsProviderFactory.java

@@ -63,37 +63,35 @@ public class SsoProfileCredentialsProviderFactory implements ProfileCredentialsP
      */
     @Override
     public AwsCredentialsProvider create(ProfileProviderCredentialsContext credentialsContext) {
-        return new SsoProfileCredentialsProvider(credentialsContext.profile(),
-                                                 credentialsContext.profileFile(),
-                                                 sdkTokenProvider(credentialsContext.profile(),
-                                                                  credentialsContext.profileFile()));
+        return new SsoProfileCredentialsProvider(credentialsContext, sdkTokenProvider(credentialsContext));
     }
 
     /**
      * Alternative method to create the {@link SsoProfileCredentialsProvider} with a customized {@link SsoAccessTokenProvider}.
      * This method is only used for testing.
      */
     @SdkTestInternalApi
-    public AwsCredentialsProvider create(Profile profile, ProfileFile profileFile,
+    public AwsCredentialsProvider create(ProfileProviderCredentialsContext credentialsContext,
                                          SdkTokenProvider tokenProvider) {
-        return new SsoProfileCredentialsProvider(profile, profileFile, tokenProvider);
+        return new SsoProfileCredentialsProvider(credentialsContext, tokenProvider);
     }
 
     /**
      * A wrapper for a {@link SsoCredentialsProvider} that is returned by this factory when {@link
-     * #create(ProfileProviderCredentialsContext)} * or {@link #create(Profile, ProfileFile, SdkTokenProvider)} is invoked. This
-     * wrapper is important because it ensures * the parent credentials provider is closed when the sso credentials provider is no
-     * longer needed.
+     * #create(ProfileProviderCredentialsContext)} * or {@link #create(ProfileProviderCredentialsContext, SdkTokenProvider)}
+     * is invoked. This wrapper is important because it ensures * the parent credentials provider is closed when the sso
+     * credentials provider is no longer needed.
      */
     private static final class SsoProfileCredentialsProvider implements AwsCredentialsProvider, SdkAutoCloseable {
         private final SsoClient ssoClient;
         private final SsoCredentialsProvider credentialsProvider;
 
-        private SsoProfileCredentialsProvider(Profile profile, ProfileFile profileFile,
+        private SsoProfileCredentialsProvider(ProfileProviderCredentialsContext credentialsContext,
                                               SdkTokenProvider tokenProvider) {
+            Profile profile = credentialsContext.profile();
             String ssoAccountId = profile.properties().get(ProfileProperty.SSO_ACCOUNT_ID);
             String ssoRoleName = profile.properties().get(ProfileProperty.SSO_ROLE_NAME);
-            String ssoRegion = regionFromProfileOrSession(profile, profileFile);
+            String ssoRegion = regionFromProfileOrSession(profile, credentialsContext.profileFile());
 
             this.ssoClient = SsoClient.builder()
                                       .credentialsProvider(AnonymousCredentialsProvider.create())
@@ -114,6 +112,7 @@ private SsoProfileCredentialsProvider(Profile profile, ProfileFile profileFile,
             this.credentialsProvider = SsoCredentialsProvider.builder()
                                                              .ssoClient(ssoClient)
                                                              .refreshRequest(supplier)
+                                                             .source(credentialsContext.source())
                                                              .build();
         }
 
@@ -157,7 +156,9 @@ private static Profile ssoSessionInProfile(String sessionName, ProfileFile profi
         return ssoProfile;
     }
 
-    private static SdkTokenProvider sdkTokenProvider(Profile profile, ProfileFile profileFile) {
+    private static SdkTokenProvider sdkTokenProvider(ProfileProviderCredentialsContext credentialsContext) {
+        Profile profile = credentialsContext.profile();
+        ProfileFile profileFile = credentialsContext.profileFile();
         Optional<String> ssoSession = profile.property(ProfileSection.SSO_SESSION.getPropertyKeyName());
 
 
@@ -172,11 +173,9 @@ private static SdkTokenProvider sdkTokenProvider(Profile profile, ProfileFile pr
                                           .profileFile(() -> profileFile)
                                           .profileName(profile.name())
                                           .build());
-        } else {
-            return new SsoAccessTokenProvider(generateCachedTokenPath(
-                profile.properties().get(ProfileProperty.SSO_START_URL), TOKEN_DIRECTORY));
-
         }
+        return new SsoAccessTokenProvider(generateCachedTokenPath(profile.properties().get(ProfileProperty.SSO_START_URL),
+                                                                  TOKEN_DIRECTORY));
     }
 
     private static void validateCommonProfileProperties(Profile profile, Profile ssoSessionProfileFile, String propertyName) {

services/sso/src/test/java/software/amazon/awssdk/services/sso/auth/SsoCredentialsProviderTest.java

@@ -27,6 +27,7 @@
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
 import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
+import software.amazon.awssdk.core.useragent.BusinessMetricFeatureId;
 import software.amazon.awssdk.services.sso.SsoClient;
 import software.amazon.awssdk.services.sso.model.GetRoleCredentialsRequest;
 import software.amazon.awssdk.services.sso.model.GetRoleCredentialsResponse;
@@ -136,7 +137,7 @@ private void callClientWithCredentialsProvider(Instant credentialsExpirationDate
                 assertThat(actualCredentials.accessKeyId()).isEqualTo("a");
                 assertThat(actualCredentials.secretAccessKey()).isEqualTo("b");
                 assertThat(actualCredentials.sessionToken()).isEqualTo("c");
-                assertThat(actualCredentials.providerName()).isPresent().contains("SsoCredentialsProvider");
+                assertThat(actualCredentials.providerName()).isPresent().contains(BusinessMetricFeatureId.CREDENTIALS_SSO.value());
                 assertThat(actualCredentials.accountId()).isPresent().contains("123456789");
             }
         }

services/sso/src/test/java/software/amazon/awssdk/services/sso/auth/SsoProfileCredentialsProviderFactoryTest.java

@@ -79,9 +79,12 @@ public void createSsoCredentialsProviderWithFactorySucceed() throws IOException
             cachedTokenFilePath);
 
         SsoProfileCredentialsProviderFactory factory = new SsoProfileCredentialsProviderFactory();
-        assertThat(factory.create(profileFile.profile("foo").get(),
-                                  profileFile,
-                                  tokenProvider)).isInstanceOf(AwsCredentialsProvider.class);
+        assertThat(factory.create(ProfileProviderCredentialsContext.builder()
+                                                                   .profile(profileFile.profile("foo").get())
+                                                                   .profileFile(profileFile)
+                                                                   .build(),
+                                  tokenProvider))
+            .isInstanceOf(AwsCredentialsProvider.class);
     }
 
     private Path prepareTestCachedTokenFile(String tokenFileContent, String generatedTokenFileName) throws IOException {
@@ -169,7 +172,10 @@ public void tokenResolvedFromTokenProvider(@Mock SdkTokenProvider sdkTokenProvid
                                              "sso_start_url=https//d-abc123.awsapps.com/start");
         SsoProfileCredentialsProviderFactory factory = new SsoProfileCredentialsProviderFactory();
         when(sdkTokenProvider.resolveToken()).thenReturn(SsoAccessToken.builder().accessToken("sample").expiresAt(Instant.now()).build());
-        AwsCredentialsProvider credentialsProvider = factory.create(profileFile.profile("test").get(), profileFile, sdkTokenProvider);
+        AwsCredentialsProvider credentialsProvider = factory.create(ProfileProviderCredentialsContext.builder()
+                                                                                                     .profile(profileFile.profile("test").get())
+                                                                                                     .profileFile(profileFile)
+                                                                                                     .build(), sdkTokenProvider);
         try {
             credentialsProvider.resolveCredentials();
         } catch (Exception e) {